Your key has a validity period of 30 days; the certificate that you generate and sign with this key is not specified, and therefore, the default is 180 days. The value of the -validity flag specified in the -selfcert command is -selfcert. I just tested this:

    cp myKeystore myKeystore-TEST
    keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
    jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

and when the browser displayed a dialog box, I could verify that the expiration date is today + 30 days.

    jarsigner -verbose -certs -verify myApplet.jar

is much more verbose, listing the certificate and key summary:

    sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

          X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
          [certificate will expire on 12/31/11 12:48 PM]
          X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
          [certificate will expire on 1/23/12 4:08 AM]
    ...
      s = signature was verified
      m = entry is listed in manifest

Here 12/31/11 is 30 days after my test and the other date is 90 days after I created the keystore, which I can check with

    keytool -v -list -keystore myKeystore-TEST

The manual page for keytool says 90 days is the default for keys.
toddkaufmann
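As an added example (not part of the answer above), here is one way to check signer certificate expiry automatically from `jarsigner -verbose -certs -verify` output instead of reading it by eye. It assumes the US-style `[certificate will expire on M/D/YY H:MM AM/PM]` format shown in the quoted output; the function names and the embedded sample text are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the jarsigner output quoted in the answer.
SAMPLE = """\
sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

      X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
      [certificate will expire on 12/31/11 12:48 PM]
      X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
      [certificate will expire on 1/23/12 4:08 AM]
"""

# Assumption: date layout matches the quoted output (locale dependent in practice).
DATE_FMT = "%m/%d/%y %I:%M %p"
ENTRY_RE = re.compile(
    r"^\s*(?P<flags>[smk]*)\s*(?P<size>\d+)\s+\w{3} \w{3} \d{2} "
    r"\d{2}:\d{2}:\d{2} \S+ \d{4} (?P<name>.+)$")
CERT_RE = re.compile(r"^\s*X\.509,\s*(?P<subject>.+?)\s*$")
EXPIRY_RE = re.compile(r"\[certificate will expire on (?P<when>[^\]]+)\]")

def signer_expiries(text):
    """Return (jar entry, certificate subject, expiry datetime) tuples."""
    results, entry, subject = [], None, None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:                      # a new jar entry starts a new certificate list
            entry, subject = m.group("name"), None
            continue
        m = CERT_RE.match(line)
        if m:                      # remember the subject until its expiry line
            subject = m.group("subject")
            continue
        m = EXPIRY_RE.search(line)
        if m and subject is not None:
            when = datetime.strptime(m.group("when").strip(), DATE_FMT)
            results.append((entry, subject, when))
            subject = None
    return results

def expiring_within(text, now, days):
    """Certificates whose expiry falls on or before now + days."""
    limit = now + timedelta(days=days)
    return [r for r in signer_expiries(text) if r[2] <= limit]

if __name__ == "__main__":
    for entry, subject, when in expiring_within(SAMPLE, datetime(2011, 12, 1), 45):
        print(f"{entry}: {subject} expires {when:%Y-%m-%d %H:%M}")
```
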