问题
Another try to open a message here
My company wants to use the deployment rule set for multiple java versions usage.
Currenly we have 1.6.0_13, 1.7.0_51 and 1.8.0_66 Java 8 is what selected in the System tab of the java control home User tab consists of java 6, 7 and 8
all the settings in deployment.properties are default and point to correct locations or values
env variables set java_home ="C:\Program Files (x86)\Java\jdk1.8.0_66\bin" path = set to correct locations
The steps i followed are below,
create the keystore keytool -genkey -dname "cn=drstest, ou=abac, o=mycompany, c=SE" -keyalg RSA -keysize 2048 -alias testsign -keypass password -keystore mykeystore.jks -storepass password -validity 1460
downloaded the csr file keytool -certreq -alias testsign -file certreq.csr -keystore mykeystore.jks -storepass password
Used the csr file and sent it to my company's CA for signing.
Received two files: cer and p7b files from CA
Import CSR reply: keytool -import -trustcacerts -file certnew.p7b -alias testsign -keystore mykeystore.jks -storepass password
Downloaded and added required certificates of the chain in the keystore.
created the ruleset.xml
created the jar file using jar.exe jar.exe -cvf DeploymentRuleSet.jar ruleset.xml
signed the jar file the keystore jarsigner -keystore mykeystore.jks DeploymentRuleSet.jar testsign
added the time stamp jarsigner -verbose -keystore mykeystore.jks -storepass password -keypass password -tsa http://timestamp.comodoca.com/rfc3161 DeploymentRuleSet.jar testsign -J-Dhttp.proxyHost=xxx.xxx.COM -J-Dhttp.proxyPort=8080
Placed the DeploymentRuleSet.jar in the C:\Windows\Sun\Java\Deployment folder
Now when i test using the java control home Control panel -> Java -> Security tab -> View active deployment rule set ->
i get the message as "DeploymentRuleset.jar is invalid" "Can not verify rule set jar"
I can see my certificate in the "View Certificate details"
Now i have spents so many hrs and have gone through so many webpages, and still dont know why it is invalid.
This is not rocket science, but still i am stuck.
Can some one point out where i am going wrong.
********* i am not sure if there are any steps for cacerts file, if i have missed something for cacerts please guide me*************
Regards
回答1:
Try this,
either use an older JDK to sign your DSR jar ... for example the 1.6.0_13 JDK
OR
with your newer JDK add this to your jarsigner command -tsadigestalg SHA1
jarsigner -tsadigestalg SHA1 -verbose -keystore mykeystore.jks -storepass password -keypass password -tsa http://timestamp.comodoca.com/rfc3161 DeploymentRuleSet.jar testsign -J-Dhttp.proxyHost=xxx.xxx.COM -J-Dhttp.proxyPort=8080
Oracle mentions something about it in this article
Java SE from 7 Update 76 and Earlier Throws a JARSigningException with Jar Files Signed Using the '-tsa' Option by Versions of Java SE 8u92-b31 and Later(2191197.1) https://support.oracle.com/epmos/faces/DocContentDisplay?id=2191197.1
Its what worked for me
来源:https://stackoverflow.com/questions/40156219/can-not-verify-rule-set-jar