Hello,
I developed a webstart application where the jarfile is signed with a
certificate from our openca 0.9.1-10.
The certificate is of role User with these types set in User.ext:
nsCertType = client, email, objsign
I added the objsign attribute to have it work as a object/code signing
certificate.
With java 1.4.2 the webstart application worked fine, but now after
upgrading to java 1.5, webstart only throws an error:
java.security.cert.CeritificateException: Check leaf key usage failed in
certificate at
com.sun.deploy.security.CertUtils.checkUsageForCodeSigning(CertUtils.java:102)
...
I found that java 1.5 webstart requires the jarfile to be signed with a
certificate especially designed for code signing, whereas java 1.4.2 was
not so strict with the checking the certificate.
I thought I was using a code signing certificate all along, having the
"objsign" type attribute enabled in User.ext.
Do I have to create a whole new extension file exclusively for code
signing, like "Code.ext" (without client and email attributes)?
If so, is there a template for that extension file?
Thanks in advance!
Regards,
Elke
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
