$ jarsigner -verbose -certs -verify jenkins.war
That should give a Jar file that has been signed by
X.509, CN=Kohsuke Kawaguchi, O=Kohsuke Kawaguchi, STREET=4438 Hilton Ave,
L=San Jose, ST=California, OID.2.5.4.17=95130, C=US
[certificate expired on 19/07/15 00:59]
X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
[certificate is valid from 24/08/11 01:00 to 30/05/20 11:48]
X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
[certificate is valid from 07/06/05 09:09 to 30/05/20 11:48]
or
X.509, CN=Infradna Inc (Kohsuke Kawaguchi), O=Infradna Inc (Kohsuke
Kawaguchi), STREET=4438 Hilton Ave, L=San Jose, ST=California,
OID.2.5.4.17=95130, C=US
[certificate is valid from 23/07/15 01:00 to 23/07/20 00:59]
X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
[certificate is valid from 09/05/13 01:00 to 09/05/28 00:59]
X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 30/05/00 11:48 to 30/05/20 11:48]
X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP
Network, O=AddTrust AB, C=SE
[certificate is valid from 30/05/00 11:48 to 30/05/20 11:48]
HTH
On 10 November 2015 at 19:15, Jens Wilke <jw_gro...@headissue.com> wrote:
> Hi all,
>
> I am just reviewing and upgrading our Jenkins CI setup. What I found very
> irritating:
>
> 1. there seems no download instruction for the war
> 2. there is no way to check the integrity of a downloaded war file
>
> What I found:
> war files are at http://mirrors.jenkins-ci.org/war/. It is accessilbe by
> https, but with no "official" certificate.
>
> md5 sha1 checksums can be found at
> http://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/1.625.1
> Again, this site is available via https, but with no "official"
> certificate.
>
> Did I miss something? Isn't there a way to download and check the
> integrity of Jenkins?
>
> Cheers,
>
> Jens
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/eb477328-2acd-4bba-99b1-12fa10bae970%40googlegroups.com
> <https://groups.google.com/d/msgid/jenkinsci-users/eb477328-2acd-4bba-99b1-12fa10bae970%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMzDSAAX0ypii95vm8Lf7Hm_qDO42pTW4sQLvMNZ2xOGhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
