Trouble shooting
How to test if a jar is signed?
Use jarsigner:
jarsigner -verify JAR_FILE
If the certificate is correct it will return
jar verified.
Check a whole directory at once:
find -iname "*.jar" -print -exec jarsigner -verify '{}' \;
Problem: jarsigner returns "jarsigner: Signature Block missing for PV"
This is returned by the GNU version of jarsigner, while the sun version does not complain. Probably a bug in GNU jarsigner.
How to find out when certificate will expire?
Here is one way:
Run jarsigner like this:
jarsigner -verbose -verify -certs JAR_FILE | less
And look for a line like this:
X.509, EMAILADDRESS=mvaniersel@gmail.com, CN=Thawte Freemail Member
[certificate is valid from 8/30/09 11:47 AM to 8/30/10 11:47 AM]
In this case it's valid until August 30, 2010.
NB, Don't get confused with this:
X.509, CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 7/17/03 2:00 AM to 7/17/13 1:59 AM]
That's the validity of Thawte cerficate.
What is a digital signature?
Applets are signed so that you can check that the code you're going to run is from somebody. The signature does not prove that the code won't do anything bad or that it meets security standards. However, it does prove that the code is from a certain person or company.
That does help you to make a decision whether to run the code or not.
Where do I get a digital certificate
Verisign Thawte
With thawte you can sign up for free as thawte freemail member. Then you can request a X.509 format certificate
