Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

This jar contains entries whose signer certificate will expire within six months

I've signed my jar in various ways, but I keep getting the above error message when I use the command:

jarsigner -verify -verbose [my jar]

Is there a way to get rid of this error? Will my code just stop working after six months if it's not re-certified?

Here is the entire set of commands used to generate the key & sign the Jar:

keytool -genkey -keystore [keystore] -alias [alias] -validity 2000
keytool -selfcert -keystore [keystore] -alias [alias] -validity 2000
jarsigner -keystore [keystore] [jar] [alias]
like image 328
David Avatar asked May 01 '12 22:05

David


1 Answers

Is there a way to get rid of this error?

It is not an error, but a warning. As to how to avoid it, make sure the certificate has a validity date that is longer than 6 months. For a self-signed certificate, that is a matter of providing the correct parameters when generating the key. Here is the keytool Example.

keytool -genkeypair -dname "cn=Mark Jones, ou=Java, o=Oracle, c=US"
  -alias business -keypass <new password for private key> -keystore /working/mykeystore
  -storepass <new password for keystore> -validity 180

The important part is -validity 180. 180 days, or around 6 months, for that example. Use 1800 for around 5 years.

Will my code just stop working after six months if it's not re-certified?

Not exactly.

  • The user on some systems will be warned that the certificate has expired, and be offered the choice to accept it. If they do, it will work as normal. e.g. of "signature has expired":
  • Other systems might be configured to automatically reject out of date certificates. On those machines, the code will most likely never start, or in rare cases, be loaded but have a sand-box applied.

I thought I had turned all java caching off though, as it's annoying when trying to develop.

Applet caching during testing is a big problem. I try to avoid testing applets in the browser until absolutely necessary. There are 2 ways I know of to test applets that will not cache the classes.

  1. Use the AppletViewer
  2. An hybrid applet/application
like image 106
Andrew Thompson Avatar answered Sep 18 '22 01:09

Andrew Thompson