For self signing the JAR files (that is, without using a certificate authority), here is the procedure that I know works:
keytool -genkey -alias TurboVNC -keystore turbovnc.keystore -keyalg RSA -storepass turbovnc -keypass turbovnc -validity 7300 -dname "CN=TurboVNC, OU=Software Development, O=The VirtualGL Project, L=Austin, S=Texas, C=US" for i in *.jar; do jarsigner -keystore turbovnc.keystore -storepass turbovnc -keypass turbovnc $i TurboVNC; done You can, of course, replace the organization and location information with your own. And to answer your question, yes, you re-sign the VncViewer.jar using the same key as the other JARs. This replaces the self-signed certificate with which VncViewer.jar is distributed with your own certificate. Your certificate can be self-signed as well, or it can come from a legitimate signing authority (the latter would be needed if you wanted to deploy TurboVNC to a third party over the open Internet, but just for internal use, self signing should be fine.) Not sure what you mean about not being able to sign VncViewer.jar without first removing manifest files. The manifest has nothing to do with the signature. I have updated the wiki page to clarify the above, as well as to clarify that the URL in the JNLP file should be absolute. On 6/8/13 10:34 AM, Shanon Loughton wrote: > Hi DRC > > Thanks for JWS option to play with, Im looking forward to getting it > working to try out. > > So Im having fun with 'the exercise for the user' bit > <http://www.virtualgl.org/Documentation/JWS>to do with signing JAR > files, which I gather is prob a little off topic, but its something Im > doing w.r.t to these TurboVNC JAR files so Im gonna ask here anyway. > > Running TurboVNC.jnlp downloads the files OK, but then throws Fatal > error because of apparently unsigned files, even though Ive signed them, > using: > $ jarsigner -keystore storename VncViewer.jar aliasname > See the error in both Openjdk 6 and 7, and Oracle Java 7 > http://pastebin.ubuntu.com/5745317/ > (have searched/replace on names and IPs.) > > Ive run from both browsers, ensuring IcedTea cache was off, and also > command line $ javaws -verbose TurboVNC.jnlp to eliminate the > browser/icedtea plugin. > > I initially had signing errors because TurboVNC.jnlp never downloaded > the JARs - thought I could just use web root in the tag <jnlp > codebase="/"> but it turns out you need the absolute URL. After putting > the whole URL in it downloaded JARs but still throws these unsigned > errors. All the JAR files are in the web root of lighttpd (used to > ensure MIME type was served right (.jnlp => application/x-java-jnlp-file)). > > From your JWS instructions, must we sign the VncViewer.jar also? As > you've already signed it before packaging. If not, is it ok to have > mixed signatures on various JARs do you think? I definitely can't sign > the VncViewer.jar without first removing manifest files and such. > > Server setup: > Ubuntu 13.04 64 bit > TurboVNC 1.2 amd64 > libjpeg-turbo-official_1.3.0_amd64 > libjpeg-turbo-1.3.0-jws.zip > lighttpd 1.4.31-3ubuntu2 > > Client setup: > Ubuntu 12.04 64 bit > Firefox 18.0.1 > Chromium Version 25.0.1364.160 Ubuntu 12.04 (25.0.1364.160-0ubuntu0.12.04.1) > switching between: > OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1) > OpenJDK Runtime Environment (IcedTea 2.3.9) (7u21-2.3.9-0ubuntu0.12.04.1) > Java(TM) SE Runtime Environment (build 1.7.0_21-b11) > > thanks > Shanon > > > ------------------------------------------------------------------------------ > How ServiceNow helps IT people transform IT departments: > 1. A cloud service to automate IT design, transition and operations > 2. Dashboards that offer high-level views of enterprise services > 3. A single system of record for all IT processes > http://p.sf.net/sfu/servicenow-d2d-j > > > > _______________________________________________ > VirtualGL-Users mailing list > VirtualGL-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/virtualgl-users > ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ VirtualGL-Users mailing list VirtualGL-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtualgl-users
