How to import a certificate from GoDaddy to sign Java code?

I need to be able to sign jar files with a certificate from a certification authority.

I follow the instructions from the GoDaddy documentation on how to do this: http://support.godaddy.com/help/article/4780/signing-java-code

However, in step 3, you need to import the certificate file obtained from the GoDaddy website. According to the documentation, the command:

keytool -import -trustcacerts -keystore codesignstore -storepass <yourstorepwd> -alias codesigncert -file mycert.cer

Although I successfully transmit the CSR (generated with keytool) and get a response, I can't for the life of me understand how to get the mycert.cer file. It is possible to download a PEM file. But after executing the above command, I get the error message "keytool error: java.lang.Exception: Incomplete certificate chain in response." I tried this several times, and double-checked that I was using the correct keystore. I even tried reusing using SSH-1 once and then SSH-2 another time. According to this person ( https://stackoverflow.com/questions/20793254/signing-a-jar-the-signers-certificate-chain-is-not-validated?rq=1 ), they were able to at least successfully import the PEM file. But I'm not sure if this is even the right approach.

GoDaddy's tech support was absolutely terrible. Most of the techs I talked to were not familiar with keytool at all, and it took me several attempts to call them before they sent me to their SSL department (480-505-8852), which is at least slightly better than general support.

If I use Internet Explorer or Firefox, I believe that I can automatically generate the CSR instead of creating one with keytool. Then I export the certificate through a web browser. From reading various other online documents, I believe that I could use openssl to convert to the correct format for keytool. I'm not sure about the details of how this will work, but I don't see any other options.

- - , ? ( java- spc GoDaddy), GoDaddy. , , , .

+4
10

, GoDaddy . SHA-1, SHA-2. SHA-1 , 2016 (. ), , , - SHA-2 SHA-1, , .

SHA-2 SHA-1 , Java GoDaddy .

GoDaddy , Keytool , SHA-2 ( 2048). Keytool, SHA-2 , SHA1 GoDaddy pem @mogsie.

GoDaddy SHA-2, , 2017 , Microsoft SHA-2, 1 2016 , , SHA-1, .

Java Keytool ( 1.6), GoDaddy SHA256withRSA .

+10

, Waterbear, , GoDaddy- GoKaddy SHA-1. , GoDaddy CA: Class 2 CA, SHA-1 G2 CA, SHA-2. Class 2 CA , Java Truststore (, , SHA-1 certificates ), G2 CA , SHA-2 , ( ). , GoDaddy G2 CA Java Truststore ( 2016 !), , , GoDaddy SHA-2 , .

+5

, , , , , , , , .

godaddy, , CA, .

, :

( , godaddy jks , jks)

:

keytool -genkey -alias codesigncert -keypass yourpassword -keyalg RSA -keysize 2048 -dname "cn = server1.lccc.edu, OU = , O = , L = Schnecksville, ST = , C = " -keystore /home/oracle/codesignstore/codesignstore -storepass yourpassword -validity 720 ( )

crt godaddy

keytool -certreq -v -alias codesigncert -file /home/oracle/codesignstore/codesignstore.pem -keystore /home/oracle/codesignstore/codesignstore

open codesignstore.pem godaddy

godaddy , ,

godaddy (https://mya.godaddy.com/)

( )

" SSL"

.

PEM

firefox,

.

() pkcs12

viewer - , jarsigner

,

: (, server1/home/oracle/code_sign_cert_from_godaddy/ godaddy_pkcs12.p12) *

jks, godaddy jks jks

pcks12 jks

keytool -importkeystore -srckeystore /home/oracle/code_sign_cert_from_godaddy/godaddy_pkcs12.p12 -srcstoretype pkcs12 -destkeystore /home/oracle/code_sign_cert_from_godaddy/godaddy_jks.jks -deststoretype jks

jar:

unsign jacob.jar... jacob.jar directory/test_jacob jacob1.jar( 760815.1)

jar xf jacob1.jar

"com" "META-INF", "META-INF"

jacob1.jar

jacob1.jar /test_jacob

jar -cvf jacob1.jar *

jarsigner -verify jacob1.jar, unisigned.

mymanifest.txt

  Permissions: all-permissions

  Codebase: *

  Application-Name: OracleForms

jar -ufm jacob1.jar mymanifest.txt( jar).

jacob1.jar unzip jacob1.jar -d, unzip , , mymanifest.txt jar.

jar

jarsigner -keystore /home/oracle/code_sign_cert_from_godaddy/godaddy_jks.jks - -signedjar /home/oracle/Oracle/Middleware/Oracle_FRHome1/forms/java/test_jacob/Signedjacob1.jar jacob1.jar "lehigh carbon community college godaddy.com, inc. id "( firefox )

-signedjar,

, jarsigner

-alias, keytool

, jar

jarsigner -verify Signedjacob1.jar :

jar .

, jar

jar -tvf Signedjacob1.jar

.SF .jar, .DSA .RSA

.jar

jar -tvf Signedjacob1.jar

2721 05 15:57:08 EDT 2014 META-INF/LEHIGH_C.SF

4231 05 15:57:08 EDT 2014 META-INF/LEHIGH_C.RSA

Signedjacob1.jar $ORACLE_HOME/forms/java

-

webutilarchive Jacob.jar Signedjacob1.jar

(em → forms → web configuration → → all ( )

jacob.jar Signedjacob1.jar, , , .

wls_forms, .

+5

@Waterbear SHA-1 SHA-2. , . ( , StackOverflow , .) , GoDaddy SHA-2 , . , SHA-1, SHA-2. , , SHA-1. ( , , GoDaddy .) , , GoDaddy, . , , , (2016?), SHA-2, SHA-1. 1- , SHA-1. SHA-1, GoDaddy № 1 . CSR keytool ( -). PEM keytool. ( , GoDaddy " 1" , .)

, , GoDaddy . . , . , , , .

+2
keytool -import -trustcacerts -keystore codesignstore -storepass <yourstorepwd> -alias codesigncert -file mycert.cer

-, ** ** mycert.cer. .

" " - ? ( ) , .

keytool -list -v -keystore codesignstore

, ENTER, , , .

"" .

echo.|keytool -list -v -keystore codesignstore > kstore_result.txt

: . , " ENTER", .:)

keytool -genkey -alias codesigncert -keyalg RSA -validity 1825 -keysize 2048 -keypass <yourstorepwd> -keystore codesignstore -storepass <yourstorepwd>

:

-genkey = generate a key
-keyalg RSA = use RSA key algorithm
-validity 1825 = how long is the key good for?  Primarily used with self-signed certs as the certs from verisign or Thawte have their own expiration
-keysize 2048 = Is this a 1024 or 2048-bit encryption?
-keypass <yourstorepwd>
-keystore codesignstore
-storepass <yourstorepwd>

, , . , , .:)

, , .

keytool -delete -alias codesigncert -storepass <yourstorepwd> -keystore codesignstore

, , - "" , , .

, Godaddy:

keytool -import -trustcacerts -keystore codesignstore -storepass <yourstorepwd> -alias codesigncert -file mycert.cer

, "" :

keytool
-import
-trustcacerts
-keystore codesignstore
-storepass <yourstorepwd>
-alias codesigncert
-file mycert.cer

, , keytool ? - ..

keytool -help, : -, -importcert

?

Oracle .. http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

, , , ..

, Apache Tomcat (Windows):

%JAVA_HOME%\bin\keytool -delete -alias tomcat -storepass somepass -keystore %JAVA_HOME%\bin\.keystore

..

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -validity 1825 -keysize 2048 -keypass somepass -keystore %JAVA_HOME%\bin\.keystore -storepass somepass
What is your first and last name?
  [Unknown]:  secure.someserver.com
What is the name of your organizational unit?
  [Unknown]:  COMPANY
What is the name of your organization?
  [Unknown]:  COMPANY
What is the name of your City or Locality?
  [Unknown]:  ANYTOWN
What is the name of your State or Province?
  [Unknown]:  MI
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=secure.someserver.com, OU=COMPANY, O=COMPANY, L=ANYTOWN, ST=MI, C=US correct?
  [no]:  yes

. , , .

, ...

+1

, PAD Godaddy, .

( unix):

keytool -printcert -file response-from-godaddy.pem | grep -C1 ^Owner

, , .

Certificate[1]:
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
--
Certificate[2]:
Owner: CN=Go Daddy Root Certificate Authority - G2, OU=https://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
--
Certificate[3]:
Owner: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
--
Certificate[4]:
Owner: CN=REDACTED
Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US

-, Java cacerts . , .pem, keytool.

, , :

  • PEM.
  • ----BEGIN ----END,
  • keytool -import , .

Presto!

keytool -importcert -v -trustcacerts -keystore XXX -alias codesigning -file 234.pem

:

Certificate reply was installed in keystore
[Storing XXX]
+1
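The `keytool -printcert` output in the answer above lists the signer's own certificate last (Certificate[4]), while keytool's documentation describes a certificate reply chain as ordered with the user certificate first, followed by the CA certificates. The following is an added example, not code from the original answer: it reorders a PEM bundle signer-first by following the Owner/Issuer lines that `keytool -printcert` prints, which generalizes reordering the blocks by hand. The function name `leaf_first`, the sample DNs and the placeholder PEM bodies are assumptions constructed for illustration.

```python
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
ENTRY = re.compile(r"^Owner: (.*)\nIssuer: (.*)$", re.M)

# Constructed sample (placeholder bodies, not real certificates), root-first.
SAMPLE_PEM = "".join(
    "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
    for body in ("Uk9PVA==", "SU5URVI=", "TEVBRg=="))
SAMPLE_PRINTCERT = """Certificate[1]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
--
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
--
Certificate[3]:
Owner: CN=Example Code Signer
Issuer: CN=Example Issuing CA
"""


def leaf_first(pem_text, printcert_output):
    """Return the PEM bundle reordered signer-first, then each issuer in turn."""
    blocks = PEM_BLOCK.findall(pem_text)
    certs = [(o.strip(), i.strip()) for o, i in ENTRY.findall(printcert_output)]
    if not blocks or len(blocks) != len(certs):
        raise ValueError("PEM blocks and keytool entries do not line up")
    # The signer's certificate is the one that issued nothing else in the file.
    issuers = {iss for own, iss in certs if own != iss}
    leaves = [n for n, (own, _) in enumerate(certs) if own not in issuers]
    if len(leaves) != 1:
        raise ValueError("need exactly one end-entity cert, found %d" % len(leaves))
    by_owner = {own: n for n, (own, _) in enumerate(certs)}
    order = [leaves[0]]
    while True:  # follow Issuer -> Owner until a self-signed root or a gap
        owner, issuer = certs[order[-1]]
        nxt = by_owner.get(issuer)
        if owner == issuer or nxt is None or nxt in order:
            break
        order.append(nxt)
    if len(order) != len(certs):
        raise ValueError("chain breaks at issuer %r" % certs[order[-1]][1])
    return "\n".join(blocks[n] for n in order) + "\n"


if __name__ == "__main__":
    print(leaf_first(SAMPLE_PEM, SAMPLE_PRINTCERT))
```

The comparison is on the printed DN text only and verifies no signatures; a bundle whose Issuer lines do not match any Owner line exactly is rejected with an error rather than reordered.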

.

keytool -v -genkey -dname "CN = XXX, OU = YYY, O = ZZZ, L = CCC, ST = SSS, C = US" -alias myKey -keypass abc123 -keystore myKeystore -storepass abc123 -validity 1096 -keyalg RSA -keysize 2048 -sigalg SHA1withRSA

keytool -certreq -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -v -alias myKey -file mycsr.pem -keystore myKeystore -storepass abc123

(mycsr.pem) GoDaddy, PEM (1b27b7d7a29a06.pem ).

PEM . , keytool PEM . . Key Store Explorer (http://keystore-explorer.sourceforge.net/) " ", PEM, Godaddy (1b27b7d7a29a06.pem) ( - GoDaddy), "PEM", "". 1b27b7d7a29a06-mycert.pem.

root (gdroot-g2.crt) (gdig2.crt) GoDaddy (https://certs.godaddy.com/anonymous/repository.pki)

, / GoDaddy G2.

:

keytool -v -importcert -trustcacerts -keystore myKeystore -storepass abc123 -file gdroot-g2.crt -alias gdroot-g2

keytool -v -importcert -trustcacerts -keystore myKeystore -storepass abc123 -file gdig2.crt -alias gdig2

keytool -v -importcert -keystore myKeystore -storepass abc123 -alias myKey -file 1b27b7d7a29a06-mycert.pem

:

jarsigner -keystore myKeystore -storepass abc123 -sigalg SHA1withRSA -digestalg SHA-1 time.jar mykey

0

(CA ) java- Chrome/FF - ( Java-). CAADADY () -. godaddy, ( )

,

. G1. . , , https://certs.godaddy.com/repository.

- gdig2_bundle.crt - ..-class2-root.crt

0

Importing a GoDaddy package solves the problem:

export JAVA_HOME=/usr/lib/jvm/java-8-oracle/
wget https://certs.godaddy.com/repository/gd_bundle-g2.crt
$JAVA_HOME/bin/keytool -import -alias root -file ./gd_bundle-g2.crt -storepass changeit -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts
0

I have to say,

all this Java bs signing seems like a singular method for Java so as not to die off in favor of better code.

Actually I think this kills java. I would prefer to use any other encoding method (php/flash/etc) and then use Java again. Way to go Oracle!

-1
