-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sanaullah,
On 2/19/15 10:28 AM, Sanaullah wrote: > I have imported the public key (singed certificate) of the code > signing certificate using keytool to JVM cacerts > "/usr/lib/jvm/jdk1.8.0_25/jre/lib/security/cacerts" and certificate > alias name is "codesigntest" Can you verify that the certificate is in there by doing "keytool - -list .../cacerts"? > I mentioned the same alias in in catalina.policy grant signedBy > "codesigntest" Okay. So that certificate directly-signed your JAR? At runtime, do you get an error? What's the full message and stack trace? Thanks, - -chris > On Thu, Feb 19, 2015 at 8:13 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Sanaullah, > > On 2/13/15 12:48 PM, Sanaullah wrote: >>>> I have signed the ear package using jar signer and start the >>>> tomee using ./startup.sh -security and also edit the >>>> catalina.policy file looks like below. >>>> >>>> I am confused here, how code sign verification process is >>>> done? if the code sign certificate is not the truststore >>>> still the tomcat server will start? or it stops booting the >>>> application? >>>> >>>> I haven't seen anything in the log related to code sign, how >>>> can i verify this ? > > I'm no expert in use of a security manager or signed code, but > where is your trust store located? How are you telling the JVM > about where to find it? > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5gqfAAoJEBzwKT+lPKRYFeAP/0g3riqv5xt5P18mHrQp65So KbliLObxwUwzsT36XDJr4kplWQ8z+oz/Wf5p0RR/JiV3psFwQk+QySd7l//Qqc9G W3EtPBTDkxt/Yc6qSxw5dOYCNsJMoSoLDz6Ghj1TWJiCmO0ROaImbb+bIcjvCZBx VJLhaXpFrf9ABFHn9PdMSQ1Mmqi18hFpHUjTwWDpdVEOzJowoLH27P28cFtbcByU OXtaQHcqBv1t90FIPX/ImMDqyML+Bx6kxkBOf3F+aLLmEXK4bgrK5ni+1c/6z3HU NFg+4X1wS8LybbNlhsJ2USfjLc6xCZNto97ik5FQtAFGQm/Im2A/hsu6aITQjuxD +7QDcS++bMYBpatFjlm8MQ5Mjry4yQY/M5sJZaXGC7W16fWIrIu3kVUXPvAUCgwM owJHsDvYiTQG/fVb44c2SZBtTuI4u4KuQcgSN0Goa3SQz+taPalRw2icEkjLa033 cLMP1Y+Ht1TxF16LJhd34UJegpRYo9zKSLkl93yZTVI/hgwyqO65wj9taPco/on5 So3wdwt90jwSNLQH879qrgIIsWtMKk2xEO7y6hako7GLvnZjFHFicuWsR62iG+eF xWQMiLjlDZ2RlfMS8Is8VZugoDfxspexx6AxLgNhHJXchg6YVqPzYUps/gyhOywj 2mCLzzBeZryZEYcgSnmv =ymd+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
