此代码签名证书对于签署小程序是否有效? [英] Is this code signing certificate valid for signing applets?

查看:30
本文介绍了此代码签名证书对于签署小程序是否有效?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们购买了用于签署小程序的代码签名证书,但在签署小程序时出现以下错误.

We purchased a code signing certificate for signing applets, but we get the following error when signing an applet.

    C:\CM\WEB-INF>jarsigner -keystore code_signing.keystore C:\CM\SweetApplet.jar code_signing_real
Enter Passphrase for keystore:
    jarsigner: Certificate chain not found for: code_signing_real.  code_signing_real must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

我们的证书不正确吗?这是下面有问题的证书.错误消息似乎表明证书必须包含私钥,但我们不明白这是怎么回事,因为除了我们之外,私钥永远不会暴露给任何人.

Is our certificate not correct? Here's the certificate in question below. The error message seems to suggest the certificate must contain a private key, but we don't understand how this can be since the private key is never supposed to get exposed to anyone but us.

C:\CM\WEB-INF>keytool -list -keystore code_signing.keystore -alias code_signing_real -v
Enter keystore password:
Alias name: code_signing_real
Creation date: Mar 13, 2014
Entry type: trustedCertEntry

Owner: CN=CE, OU=CE, O=CE, L=PAL
O ALTO, ST=California, C=US
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 728b78e4ded46af26494c59690e428f0
Valid from: Wed Mar 12 17:00:00 PDT 2014 until: Fri Mar 11 15:59:59 PST 2016
Certificate fingerprints:
         MD5:  E0:DB:9E:DC:37:1E:C2:A9:EA:C0:A8:21:22:61:9F:DD
         SHA1: F9:C3:75:37:CA:86:4D:E2:11:BE:52:79:CE:FA:B3:6B:32:F0:CF:D2
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

#3: ObjectId: 2.5.29.4 Criticality=false

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://cs-g2-crl.thawte.com/ThawteCSG2.crl]
]]

#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
  1.3.6.1.4.1.311.2.1.22
]

#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   Object Signing
]

推荐答案

并没有说证书必须包含私钥.证书不包含私钥.再读一遍.它说密钥条目必须包含一个私钥一个证书.

It doesn't say the certificate must contain a private key. Certificates don't contain private keys. Read it again. It says the key entry must contain a private key and a certificate.

所以无论你如何构造这个 KeyStore,它都是无效的.可能您刚刚将签名证书导入到新的 KeyStore 中,或者使用了新的别名.您必须将其导入到私钥所在的原始KeyStore中,与私钥具有相同的别名.

So however you constructed this KeyStore, it is invalid. Probably you just imported the signed certificate into a new KeyStore, or with a new alias. You must import it into the original KeyStore where the private key is, with the same alias as the private key.

您还必须使用另一个别名将证书链作为受信任的 CA 证书导入.

You must also import the certificate chain, as trusted CA certificates, with another alias.

这篇关于此代码签名证书对于签署小程序是否有效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆