Il 02/04/2014 14:13, Roberto Resoli ha scritto:
Il 02/04/2014 13:34, [email protected] ha scritto:
...
It seems
some server certificates can do the signing and some not. Confusing!!!
Yes. Certification Authorities sell different Certs, whith different
pricing, for that.
I created an english version of the HowTo:
https://sourceforge.net/apps/trac/j4sign/wiki/HowtoSignCode_en
Regarding code signing in recent Oracle JVMs, there are lot of
restriction introduced, in particular with 1.7.0_51 i noted that
the certificate for code signing has to have a CRL or OCSP verification
attribute (or both), and the URL specified in the attribute has to point
to a working revocation check service in order the verification (with
default JVM security settings) to pass.
I will provide related modifications into openssl.conf defaults in my
howto very soon.
rob
rob
