I get the following error on a self-signed bank:
jar verified. Warning: This jar contains entries whose certificate chain is not validated. Re-run with the -verbose and -certs options for more details.
I signed the bank as follows:
"C:\Program Files\Java\jdk1.7.0\bin\jarsigner" -keystore myKeyStore myJar.jar myAlias
My bank has two entry points: one for the Java web start and one for the applet.
- If I run jar in java web start, it has no frequency.
- But if I run the jar as an applet. At some point, I get a strong security warning when I try to access the bitmap resource built into the bank.
Using the -verbose and -certs options shows a lot of lines. And I donβt understand anything about this. This is the result: output.txt (part of the 6307 lines below).
s 157850 Tue Nov 08 12:57:44 CET 2011 META-INF/MANIFEST.MF X.509, O=keyja.com [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32] [CertPath not validated: null] 112909 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.SF 1108 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.RSA sm 180 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/k.class X.509, O=keyja.com [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32] [CertPath not validated: null] sm 252 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/r.class ... (around 6000 lines of other output along the same lines) s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified. Warning: This jar contains entries whose certificate chain is not validated.
How to sign a jar file?
source share