i.e.:
> keytool -list -keystore certificates.ks -storepass foobar
third-party-cert, 08.01.2010, trustedCertEntry,
fingerprint (MD5): ....
notice the trustedCertEntry.
Furthermore, in the example you gave your last attribute in the DN chain is
missing a comma before it (not sure that this is what you really used but
just saying):
"CN=logboxIP, O=CRF, OU=ITS, L=Trento C=IT"
"CN=xxx, O=xxx, OU=xxx, L=xxxxx C=xx"
there clearly seems to be a missing comma before the C=IT/C=xx
regards,
Karl
On Thu, Jan 23, 2014 at 1:49 PM, Karl Pauls <[email protected]> wrote:
> Its very hard to say - if you can make a simple example available to me I
> can have a look. Otherwise, if there are no other exceptions/print-outs and
> you are sure your rules are syntactically correct and should match then I
> don't know either. The one thing to make sure is that you really have the
> self signed certificate in that keystore as a _trusted certificate_ -
> otherwise it will not work.
>
> regards,
>
> Karl
>
>
> On Thu, Jan 23, 2014 at 11:59 AM, felixandre <[email protected]>wrote:
>
>> I had also tried to invert the order of the rules, but without success...
>> This is the rule (added before the DENY rule):
>>
>> ALLOW {
>> [org.osgi.service.condpermadmin.BundleSignerCondition "CN=xxx,
>> O=xxx,
>> OU=xxx, L=xxxxx C=xx"]
>> ( java.io.FilePermission "*" "read, write")
>> } "We allow signed bundles to write file"
>>
>> Moreover, to be sure, I verified the jar signature with jarsigner -verify
>> myjar.jar -verbose -certs and all the fields match. I run Felix with all
>> the
>> needed properties (afaik):
>>
>> java -Dorg.osgi.framework.security=osgi -Djava.security.policy=all.policy
>> -Dfelix.keystore=file:myks.jks -Dfelix.keystore.pass=mypwd
>> -Dfelix.keystore.type=jks -jar bin/felix.jar
>>
>> The signature was a "selfsigned" signature, could this be the problem? I
>> think it isn't, but what can be the problem then?
>>
>>
>>
>> --
>> View this message in context:
>> http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903p5006951.html
>> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>
>
> --
> Karl Pauls
> [email protected]
> http://twitter.com/karlpauls
> http://www.linkedin.com/in/karlpauls
> https://profiles.google.com/karlpauls
>
--
Karl Pauls
[email protected]
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
