1
votes
  1. keytool -genkey -keystore myKeyStore -alias me

  2. keytool -selfcert -keystore myKeyStore -alias me

  3. jarsigner -keystore myKeyStore jarfile.jar me

I'm using this way to sign jars. I use my jar and a few more as libraries, and all of them are signed this way; still, when I open the browser I get the warning that there is signed and unsigned code. So this is confusing me... :/

http://dl.dropbox.com/u/1430071/images/errormessage.png

2
Besides the other more specific advice, make sure the applet cache is flushed for each test. To do that, get focus on the Java console and type 'x'. An easy way around browser class caching is to do your initial launches with JWS only (free-floating - no browser involved). - Andrew Thompson

2 Answers

1
votes

In the article "Mixing Signed and Unsigned Code", the section entitled "Deploying Signed Applications and Applets Securely Without a Mixed Code Warning" offers two alternatives available in Java SE 6 Update 19 and later.

Addendum: Use jarsigner -verbose -verify to see additional information about signature details.
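An added example, not part of the answer above and not JDK code: a quick pre-check that lists which entries of a jar are not named in any signature file, which is the per-entry information `jarsigner -verbose -verify` reports. It only checks listing coverage, not digests or the certificate chain, and the jar contents, the `ME` signer name and the helper names are constructed for illustration.

```python
import io
import zipfile

# Signature-related files in META-INF are never listed in a .SF file themselves.
SIG_EXT = (".SF", ".RSA", ".DSA", ".EC")

def section_names(text):
    """Collect 'Name:' values from manifest-format text, unfolding wrapped lines."""
    unfolded = text.replace("\r\n ", "").replace("\n ", "")
    return {l[len("Name: "):] for l in unfolded.splitlines() if l.startswith("Name: ")}

def is_signature_file(name):
    upper = name.upper()
    if not upper.startswith("META-INF/") or "/" in upper[9:]:
        return False
    base = upper[9:]
    return base == "MANIFEST.MF" or base.startswith("SIG-") or base.endswith(SIG_EXT)

def unsigned_entries(jar):
    """Return entries that no .SF file (with a matching signature block) lists."""
    with zipfile.ZipFile(jar) as zf:
        files = [n for n in zf.namelist() if not n.endswith("/")]
        upper = {n.upper() for n in files}
        covered = set()
        for n in files:
            if is_signature_file(n) and n.upper().endswith(".SF"):
                stem = n.upper()[:-3]
                if any(stem + ext in upper for ext in SIG_EXT[1:]):
                    covered |= section_names(zf.read(n).decode("utf-8"))
        return sorted(n for n in files if not is_signature_file(n) and n not in covered)

def make_jar(entries):
    """Build a constructed in-memory jar (the signature block is a placeholder)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

# Constructed sample data: one fully listed jar, one with a class added after signing.
SF = "Signature-Version: 1.0\r\n\r\nName: app/Main.class\r\nSHA-256-Digest: (constructed)\r\n\r\n"
SIGNED = {"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n", "META-INF/ME.SF": SF,
          "META-INF/ME.RSA": b"placeholder", "app/Main.class": b"\xca\xfe"}
MIXED = {**SIGNED, "lib/Extra.class": b"\xca\xfe"}

if __name__ == "__main__":
    print(unsigned_entries(make_jar(SIGNED)), unsigned_entries(make_jar(MIXED)))
```

Pass a real jar path to `unsigned_entries` for every jar the applet loads; any non-empty result is a candidate for the mixed-code warning and should be confirmed with `jarsigner -verbose -verify`.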

0
votes

You're signing your code with a self-signed certificate. You need to get a code signing certificate from an actual CA (costs $$$) and sign your code with that instead.