Hey Chris, I have imported the public key (singed certificate) of the code signing certificate using keytool to JVM cacerts "/usr/lib/jvm/jdk1.8.0_25/jre/lib/security/cacerts" and certificate alias name is "codesigntest"
I mentioned the same alias in in catalina.policy grant signedBy "codesigntest" Regards, Sanaullah On Thu, Feb 19, 2015 at 8:13 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sanaullah, > > On 2/13/15 12:48 PM, Sanaullah wrote: > > I have signed the ear package using jar signer and start the tomee > > using ./startup.sh -security and also edit the catalina.policy > > file looks like below. > > > > I am confused here, how code sign verification process is done? if > > the code sign certificate is not the truststore still the tomcat > > server will start? or it stops booting the application? > > > > I haven't seen anything in the log related to code sign, how can i > > verify this ? > > I'm no expert in use of a security manager or signed code, but where > is your trust store located? How are you telling the JVM about where > to find it? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJU5f2SAAoJEBzwKT+lPKRY7QwP/A1ErRELoaHDConRnqtC9sQf > Ga9zopcoFwvb+85ei/UxjmjE1IaoxkCB7QLX3tGI36lz+RYc8nBa1aS0IN9qpDEM > 2qoMjKAwJqsG1EZOhVMq0liTlUnaKzb2UIh75daZlx6aaMjQu9oiLyRdwkEIkN73 > 71v4hlLYMhg1HbxDPbyswn32fyQYbYk9RAi0XnU/dHISZSkQVaRc2LuQoIXAVIba > iSzPrHQfGBA4HdQexRM5E58T9uLR8Q2ducDD2ybubrwYfZILsywRfBtIg256PS69 > HSSyXUQsliXaRWX6Z+wpR2XWcslAUd9jBy0OQYJBMqRR9vvJgHaC8sqMbCxZI6+9 > i8j+l3HXjZ/nTeHDJg/0R5VG5fDe1q99/I/Wgj6834/3kV5SOY5hnr+LGsV8xwcK > CGj5+PPu6VqRaxIIMSf0qSz207aLP6GhXvHtvJvJJSZ1JWTaYoNTkf/Wdit/xqSJ > uIbLbKhYyzhyy1rEUowcKD52nSbhIr96fXnt72zgwWKwjKjxbTesoSf4CAQ2r0YJ > OpFPluD7VOm+QvfQyqYvUptfaDfOMYpl0zmmsGhETl5a58HddTx8KmQmEF1I9zpW > Ws28KkU8P7l29bqJJULNbyjohFjuUEzu+2X4hZ0XGpCJje+2NL6SZyuIEwInrIbw > BTz4sWkhCjS0QdhrxIMM > =Z3Qo > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
