Jarsigner: "This jar contains entries whose certificate chain is not validated."
Solution 1
Thanks Andrew Thompson. I have unsigned my jar file, and found the bug. It's better unsigned you're right about this, because signing makes no point since I don't need to get out of the sandbox.
For the record, the bug was the use of the jnlp.jar library. In order to make it work, I launched the applet using jnlp/applet code instead of a standard tag.
Solution 2
Just one line answers you question I guess. And if you look closer you'll see it. Here it is
[certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
As I may hope, you know that today is not July 24 so you just have to re-sign your app
Joel
Updated on August 07, 2022Comments
-
Joel almost 2 years
I get the following error on a self-signed jar:
jar verified. Warning: This jar contains entries whose certificate chain is not validated. Re-run with the -verbose and -certs options for more details.
I signed the jar like this:
"C:\Program Files\Java\jdk1.7.0\bin\jarsigner" -keystore myKeyStore myJar.jar myAlias
My jar has 2 entry points: One for java web start, and one for an applet.
- If I run the jar in a java web start way, it has no incidence.
- But if I run the jar as an applet. I get a strong security warning at some point when I try to access a bitmap resource embeded in the jar.
Using the -verbose and -certs options shows a lot of lines. And I don't understand anything of this. This is the output: output.txt (part of the 6307 lines reproduced below).
s 157850 Tue Nov 08 12:57:44 CET 2011 META-INF/MANIFEST.MF X.509, O=keyja.com [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32] [CertPath not validated: null] 112909 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.SF 1108 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.RSA sm 180 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/k.class X.509, O=keyja.com [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32] [CertPath not validated: null] sm 252 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/r.class ... (around 6000 lines of other output along the same lines) s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified. Warning: This jar contains entries whose certificate chain is not validated.
How to sign the jar file ?
-
Joel over 12 yearsIt makes sense. I included a link to the output.
-
Andrew Thompson over 12 years"If I run the jar in a java web start way, it has no incidence." What level of security permissions does the JWS launch request?
-
Andrew Thompson over 12 yearsIf the applet runs sand-boxed as well, why sign the code at all?
-
Joel over 12 yearsbecause the applet doesn't work if i don't sign it. it should but it doesn't, for a reason I ignore.
-
Andrew Thompson over 12 years
-
John Haager over 12 yearsIf the certificate is no longer valid, then he will have to recreate the certificate to extend the valid time period.
-
Joel over 12 yearsNo, it's 24/07/2111, and it's valid.
-
user592704 over 12 yearsI am just wondering... Is it valid from 17/08/2111 17:32 to 24/07/2111 17:32 ?
-
user592704 over 12 yearsCould you provide the key and the cert validation dates?
-
Cute Bear almost 12 yearsso how did you fix it? a little bit more detail please
-
Joel almost 12 yearsI launched the applet using jnlp/applet code instead of a standard html applet tag. docs.oracle.com/javase/tutorial/deployment/deploymentInDepth/…