I believe we discussed this before: https://lists.apache.org/thread.html/cc95584333ad21929346078ba42b4e3859dc0f6173d9700081178280@%3Cdev.netbeans.apache.org%3E
> You might be running into the fact that only Oracle is hardcoded as > trusted: > https://github.com/emilianbold/incubator-netbeans/blob/3c8b489a1f71bc1bc9dab9f3ac33acaff361a175/autoupdate.services/src/org/netbeans/modules/autoupdate/services/Utilities.java#L231 > if (certDNName.contains("CN=\"Oracle America, Inc.\"") > > && (certDNName.contains("OU=Software Engineering") || > > certDNName.contains("OU=Code Signing Bureau"))) { > > res = 2; > > > > ... > > switch (res) { > > case 2: > > return TRUSTED; > > > Also note this comment: > // signed by trusted certificate stored in user's keystore od ide.ks > return TRUSTED; > But, for your own RCP app, you could look into > org.netbeans.spi.autoupdate.KeyStoreProvider and how > org.netbeans.modules.updatecenters.resources.NetBeansKeyStoreProvider > uses the included core/ide.ks and replicate that. If you control the main app, you don't even need to give Comodo any money, you can just pin your (self-signed) certificate. --emi ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 22 March 2018 8:55 PM, stephen cumminger <[email protected]> wrote: > This may be a simple question, but I could use some help nonetheless. > > > > I have a NetBeans RCP app based on version 8.2. I have a certificate from a > major trusted certificate provider (Comodo) that I use to sign the NBMs that > are posted to our Update Center. The question is “how do I get rid of the > following Dialog ?” > > > > > > I use the same certificate to sign the Installer file, and MS Windows does > not complain. The problem is that it is confusing to my users. From what I > read this Dialog needs to appear at least once for the User to “Accept” > before the certificate is installed into the Trust Store. > > > > The following is how I sign the nmb’s in the ant script of each module: > > <target name="mynbm" depends="nbm" description="Build NBM archive."> > > <echo message="Attempting to sign NBM: ${nbm}" /> > > <signjar jar="${build.dir}/${nbm}" > > keystore="${keystore}" > > storepass="${storepass}" > > alias="${nbm_alias}" > > keypass="${storepass}" > > tsaurl="http://timestamp.comodoca.com/rfc3161"; > > digestalg="SHA-256" > > force="true" > > /> > > </target> > > > > Hints or suggestions always welcome. > > > > Regards, > > > > > > Stephen > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
