$ jarsigner -verbose -certs -verify jenkins.war
That should give a Jar file that has been signed by
X.509, CN=Kohsuke Kawaguchi, O=Kohsuke Kawaguchi, STREET=4438 Hilton Ave,
L=San Jose, ST=California, OID.2.5.4.17=95130, C=US
[certificate expired on 19/07/15 00:59]
X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
[certificate is valid from 24/08/11 01:00 to 30/05/20 11:48]
X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
[certificate is valid from 07/06/05 09:09 to 30/05/20 11:48]
or
X.509, CN=Infradna Inc (Kohsuke Kawaguchi), O=Infradna Inc (Kohsuke
Kawaguchi), STREET=4438 Hilton Ave, L=San Jose, ST=California,
OID.2.5.4.17=95130, C=US
[certificate is valid from 23/07/15 01:00 to 23/07/20 00:59]
X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
[certificate is valid from 09/05/13 01:00 to 09/05/28 00:59]
X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 30/05/00 11:48 to 30/05/20 11:48]
X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP
Network, O=AddTrust AB, C=SE
[certificate is valid from 30/05/00 11:48 to 30/05/20 11:48]
HTH
On 10 November 2015 at 19:15, Jens Wilke <[email protected]> wrote:
> Hi all,
>
> I am just reviewing and upgrading our Jenkins CI setup. What I found very
> irritating:
>
> 1. there seems no download instruction for the war
> 2. there is no way to check the integrity of a downloaded war file
>
> What I found:
> war files are at http://mirrors.jenkins-ci.org/war/. It is accessilbe by
> https, but with no "official" certificate.
>
> md5 sha1 checksums can be found at
> http://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/1.625.1
> Again, this site is available via https, but with no "official"
> certificate.
>
> Did I miss something? Isn't there a way to download and check the
> integrity of Jenkins?
>
> Cheers,
>
> Jens
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/eb477328-2acd-4bba-99b1-12fa10bae970%40googlegroups.com
> <https://groups.google.com/d/msgid/jenkinsci-users/eb477328-2acd-4bba-99b1-12fa10bae970%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMzDSAAX0ypii95vm8Lf7Hm_qDO42pTW4sQLvMNZ2xOGhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
