Well, there was the missing comma, but I had also tried simplifying it as much as possible (i.e.: /[org.osgi.service.condpermadmin.BundleSignerCondition "O=xxx"]/) and checking signer only with this field, but without success, that is no authorization to the signed bundle. Indeed, as a result of correcting the entire DN chain adding the missing comma, has the weird effect of allowing also the not-signed bundle to read and write!
I tried the keytool command as you suggested and this is what I got: /Keystore type: JKS Keystore provider : SUN The keystore has 1 entry aliasname, 16-gen-2014, PrivateKeyEntry, fingerprint (SHA1): .../ The command I used to generate the Self-signed certificate is: /keytool -genkey -keyalg RSA -alias aliasname -keystore myks.jks -storepass mypwd -validity 360 -keysize 2048/ and then I signed the bundles with the option of the Eclipse Export procedure. Andrea (could you, please, mask the DN chain fields in the quoted post? I forgot to do it in one post :-| ) -- View this message in context: http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903p5006955.html Sent from the Apache Felix - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
