Creating a keystore for plugin signing the easy way
-
Upload
mikkel-flindt-heisterberg -
Category
Technology
-
view
1.922 -
download
0
description
Transcript of Creating a keystore for plugin signing the easy way
![Page 1: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/1.jpg)
How to create a Java keystore for plugin signing the easy way
Mikkel Flindt HeisterbergOnTime by IntraVision
![Page 2: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/2.jpg)
Create the keystore• Use iKeyMan to create the keysore– <Notes>\jvm\bin\ikeyman.exe i.e. C:\Notes8\jvm\
bin\ikeyman.exe• Create keystore of
type JCEKS and specify a password for the keystore
• Note the directory where you create the keystore
![Page 3: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/3.jpg)
Create self-signed certificate• In ”Personal Certificates” click ”New Self-
Signed...” and fill in the fields. • Make sure to adjust the
validity perido of the certificate
• Note the ”Key Label” you specify (here it’s”signerkey”)
• Exit iKeyman
![Page 4: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/4.jpg)
Verify keystore• In a DOS prompt use the KeyTool from the JDK
to verify the keystore– If you haven’t got a JDK installed use the one
installed with Notes (<Notes>\jvm\bin\keytool.exe)
• C:\Notes8\jvm\bin\keytool.exe -keystore keystore.jck -storetype jceks -list -v
![Page 5: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/5.jpg)
Verify keystore
![Page 6: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/6.jpg)
Export certificate• Now export the certificate that is the
certificate to verify jar-file signatures– Again using the keytool as before– This creates mycert.der which is the file you
import into Domino Directory
• C:\Notes8\jvm\bin\keytool.exe -keystore keystore.jck -storetype jceks –export –file mycert.der –alias signerkey
![Page 7: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/7.jpg)
Export certificate
![Page 8: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/8.jpg)
Import the certificate in Domino
![Page 9: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/9.jpg)
Import the certificate in Domino
![Page 10: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/10.jpg)
Import the certificate in Domino
![Page 11: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/11.jpg)
Import the certificate in Domino
![Page 12: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/12.jpg)
Trust• Next steps are to– Cross certify the imported internet certificate with
your a Notes certifier– Use policies (Security settings) to broadcast the
internet certificate and cross certification of the internet certificate to Notes clients
– The option is on the ”Keys and Certificates” tab under ”Administrative Trust Defaults”
![Page 13: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/13.jpg)
Sign jar-file using keystore• You sign jar-files using the jarsigner.exe tool
from the JDK– Again you can use the one installed with the Notes
JVM if need be
• C:\Notes8\jvm\bin\jarsigner.exe -keystore keystore.jck -storetype jceks –signedjar signed.jar myfile.jar signerkey
![Page 14: Creating a keystore for plugin signing the easy way](https://reader036.fdocuments.us/reader036/viewer/2022062418/554f64d5b4c905bb178b49b3/html5/thumbnails/14.jpg)
Sign jar-file using keystore