Applet is no longer signed after repackaging signed
.cabfiles as.jarfiles
SymptomsAfter repackaging signed
.cabfiles as.jarfiles, an applet running in the Sun JRE is treated as unsigned. The same applet packaged as.cabfiles runs as signed in the Microsoft VM.Cause
Microsoft supports applet signing through its own proprietary Authenticode and
.cabfile technologies. The signing information is lost in the process of repackaging. As a result, the Sun JVM treats the.jarfiles as unsigned.Resolution
The workaround is to sign the
.jarfiles using the jarsigner tool from the JDK:
- Obtain the Sun Java Signing certificate from VeriSign or the Java Code Signing certificate from Thawte or similar certificates from other Certificate Authorities (CAs).
- Import the certificate into your keystore using keytool and an alias name. For example:C:\>C:\j2sdk1.5\bin\keytool -import -alias MyCert -file VSSStanleyNew.cer
- Use
jarsignerto sign the.jarfile, using the RSA credentials in your keystore that were generated in the previous step. Make sure the same alias name is specified, for example:C:\>C:\j2sdk1.5\bin\jarsigner C:\TestApplet.jar MyCert Enter Passphrase for keystore: ********- Use "
jarsigner -verify -verbose -certs" to verify the.jarfiles.C:>C:\jdk1.4.2\bin\jarsigner -verify -verbose -certs d:\TestApplet.jar 245 Wed Mar 10 11:48:52 PST 2000 META-INF/manifest.mf 187 Wed Mar 10 11:48:52 PST 2000 META-INF/MYCERT.SF 968 Wed Mar 10 11:48:52 PST 2000 META-INF/MYCERT.RSA smk 943 Wed Mar 10 11:48:52 PST 2000 TestApplet.class smk 163 Wed Mar 10 11:48:52 PST 2000 TestHelper.class X.509, CN=XXXXXXX YYY, OU=Java Software, O=Sun Microsystems, L=Cupertino, ST=CA, C=US (mycert) X.509, CN=Sun Microsystems, OU=Java Plug-in QA, O=Sun Microsystems, L=Cupertino, ST=CA, C=US X.509, EmailAddress=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified.Related Information
See Code Signing by VerSign and code-signing certificate support by Thawte.