We recently renewed our code signing certificate for signing java applets, this is the first year we have had to renew it, and the process is a bit different from when we generated it. When we first received the key we did it with a CSR, and the java keytool. So when their renewal process had us generate a Microsoft Authenticode pvk private key, I was a bit confused as to what to do with it. It takes a bit of work to generate a PKCS12 file that java's jarsigner can use, so I'm blogging this so I will remember what to do next year, and also to help out anyone else in this situation.
You will need two files:
- pvk file (generated by IE, and stored in c:/mykey.pvk by default)
- spc file (the cert)
Now to generate a PKCS12 pfx file you need Microsoft's pvkimprt tool (If I could have found this tool sooner, I could have saved myself a lot of time playing with openssl, and the ported pvk tool!). So install and run the tool:
pvkimprt c:/mycert.spc c:/mykey.pvk
Import it into your personal keystore, so we can export it as a pfx file:
- Start-Run: mmc.exe
- Add Snapin: Certificates
- Properties: Add a friendly name to the cert (this will be the alias)
- Export a pfx file
Now that you have your pfx file, your going to need to guess what import and export it again (the docs state that the pfx file will only work on jdk 1.4, I had no luck, so I generated a p12 file as shown below).
- Open up Netscape/Mozilla/Firefox Certificate Manager (Tools-Options-Advanced-Certificates in Firefox)
- Import your pfx file
- Export a p12 file
And after that process you will have a certificate you can use to sign jar files, and possibly start your own import/export business.
Here's the KB article from Thawte, that had I been able to find on my own would have saved me lots of time: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs26925
And here's the ant task I use to sign jar files:
<target name="signjar" depends="jar">
<input
message="Please enter keystore password:"
addproperty="keypass" />
<signjar jar="${lib}/yourJar.jar" storetype="pkcs12"
keystore="${keystore}/yourkey.p12" alias="Your Alias"
storepass="${keypass}"/>
</target>
This process should be a lot easier, I always hate dealing with certificates. I must say however that aside from having a name I can neither pronounce, nor spell consistently Thawte has always been helpful when I contact them.
9888
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
