Question
Today I stumbled upon the weird jarsigner warning: "The signer’s certificate chain is not validated." whilst trying to sign jars.
Recently I got a new keystore (PKCS12) containing my new certificate. For whatever reason, it seemed like there were some certificates missing.
Below is the solution.
Answer 1:
So I googled an eternity and found the solution for any of you guys who have the same problem: https://jehy.ru/articles/2013/12/12/warning-the-signers-certificate-chain-is-not-validated/
The author of the blog post points out that you just need to import the PKCS12 Keystore with Windows and export it again.
Here is the citation of the author's guide (just in case the site is down):
1) Install your .pfx certificate with the “Mark this key as exportable. This will allow you to back up or transport your keys at a later time” and “Include all extended properties” checked.
2) Check that you have full certificate chain for this certificate and it is valid. Otherwise, install necessary CA.
3) Export the installed certificate with “Yes, export the private key” option and “Include all certificates in the certification path if possible” and “Export all extended properties” checked under the option .PFX or PKCS #12.
4) Use exported .pfx file to sign the JAR. Don’t forget that it could change alias – get new one with

```
keytool.exe -list -keystore D:\keys\code.pfx -storetype pkcs12
```
Source: https://stackoverflow.com/questions/47920119/jarsigner-the-signer-s-certificate-chain-is-not-validated
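
An added example, not part of the original question or answer: one way to check whether a PKCS12 keystore actually carries the full certificate chain before signing, by parsing the text printed by `keytool -list -v -keystore <file> -storetype pkcs12`. The sample listings are constructed, the function name `audit_chains` is hypothetical, and the check only compares Owner/Issuer names (it does not validate signatures or trust).

```python
import re

# Constructed `keytool -list -v` excerpts (English locale), not from the page.
LEAF_ONLY = """Alias name: codesign
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Example Dev, O=Example Ltd
Issuer: CN=Example Issuing CA, O=Example CA
"""
RE_EXPORTED = """Alias name: {constructed-alias}
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=Example Dev, O=Example Ltd
Issuer: CN=Example Issuing CA, O=Example CA
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
Certificate[3]:
Owner: CN=Example Root CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
"""

def audit_chains(listing):
    """Map each key entry's alias to (chain length, status); name matching only."""
    results = {}
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        alias = block.splitlines()[0].strip()
        length = re.search(r"(?m)^Certificate chain length: (\d+)", block)
        if not length:
            continue  # trustedCertEntry: a lone certificate, no chain to audit
        certs = list(zip(re.findall(r"(?m)^Owner: (.*)$", block),
                         re.findall(r"(?m)^Issuer: (.*)$", block)))
        # Each certificate's issuer must be the owner of the next one.
        linked = all(a[1] == b[0] for a, b in zip(certs, certs[1:]))
        if not certs or not linked:
            status = "broken"
        elif certs[-1][0] == certs[-1][1]:
            status = "ends-in-root"  # self-signed certificate closes the chain
        elif len(certs) == 1:
            status = "leaf-only"     # the missing-certificates case from the question
        else:
            status = "no-root"       # fine only if the verifier trusts the missing issuer
        results[alias] = (int(length.group(1)), status)
    return results

if __name__ == "__main__":
    for alias, (n, status) in audit_chains(LEAF_ONLY + RE_EXPORTED).items():
        print(f"{alias}: chain length {n}, {status}")
```

An entry reported as `leaf-only` or `broken` is the one to re-export with the certification path included, as the quoted guide describes.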