-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sanaullah,
On 2/19/15 12:26 PM, Sanaullah wrote: >> Can you verify that the certificate is in there by doing >> "keytool - -list .../cacerts"? > > keytool -v --list -keystore > /usr/lib/jvm/jdk1.8.0_25/jre/lib/security/cacerts |grep > "codesigntest" Enter keystore password: Alias name: codesigntest > Owner: CN=codesigntest > > >>> I mentioned the same alias in in catalina.policy grant >>> signedBy > "codesigntest" > >> Okay. > >> So that certificate directly-signed your JAR? > >> At runtime, do you get an error? What's the full message and >> stack trace? > > I have signed the ams_ear.ear using jar signer prior to deploying > it using the following command root@pay:/home/sanaullah# jarsigner > -verbose -keystore /home/sanaullah/codesigntest.jks -storepass > test > /home/sanaullah/apache-tomee-webprofile-2.0.0-SNAPSHOT/apps/ams_ear.ear > > codesigntest > updating: META-INF/CODESIGN.SF updating: META-INF/CODESIGN.RSA > adding: lib/ signing: lib/javax.json.jar signing: > lib/javax.jms-api.jar signing: lib/ams_persistence.jar signing: > lib/httpclient-4.3.4.jar signing: lib/httpcore-4.3.2.jar signing: > lib/commons-logging-1.1.3.jar signing: lib/commons-codec-1.6.jar > signing: lib/nekohtml-1.9.21.jar signing: > lib/xercesImpl-2.10.0.jar signing: lib/xml-apis-1.4.01.jar signing: > lib/commons-io-2.4.jar signing: lib/jcl-over-slf4j-1.7.5.jar > signing: lib/slf4j-api-1.7.5.jar signing: > lib/slf4j-log4j12-1.7.5.jar signing: lib/log4j-1.2.17.jar signing: > lib/commons-lang3-3.1.jar signing: lib/jackson-core-2.4.0.jar > signing: lib/jackson-databind-2.4.0.jar signing: > lib/jackson-annotations-2.4.0.jar signing: > lib/spring-integration-http-4.0.4.RELEASE.jar signing: > lib/spring-webmvc-4.0.7.RELEASE.jar signing: > lib/spring-beans-4.0.7.RELEASE.jar signing: > lib/spring-core-4.0.7.RELEASE.jar signing: > lib/spring-context-4.0.7.RELEASE.jar signing: > lib/spring-aop-4.0.7.RELEASE.jar signing: > lib/spring-expression-4.0.7.RELEASE.jar signing: > lib/spring-web-4.0.7.RELEASE.jar signing: > lib/rome-fetcher-1.0.0.jar signing: lib/jdom-1.0.jar signing: > lib/rome-1.0.0.jar signing: > lib/spring-integration-core-4.0.4.RELEASE.jar signing: > lib/spring-tx-4.0.7.RELEASE.jar signing: > lib/spring-retry-1.1.1.RELEASE.jar signing: > lib/spring-messaging-4.0.7.RELEASE.jar signing: > lib/spring-integration-jdbc-4.0.4.RELEASE.jar signing: > lib/spring-jdbc-4.0.7.RELEASE.jar signing: lib/guava-16.0.1.jar > signing: lib/spring-integration-stream-4.0.4.RELEASE.jar signing: > lib/spring-integration-ws-4.0.4.RELEASE.jar signing: > lib/spring-ws-core-2.2.0.RELEASE.jar signing: > lib/spring-xml-2.2.0.RELEASE.jar signing: > lib/spring-oxm-4.0.7.RELEASE.jar signing: > lib/spring-aspects-4.0.7.RELEASE.jar signing: > lib/aspectjweaver-1.8.2.jar signing: > lib/spring-orm-4.0.7.RELEASE.jar signing: lib/aspectjrt-1.8.2.jar > signing: lib/spring-integration-ftp-4.0.4.RELEASE.jar signing: > lib/commons-net-3.3.jar signing: > lib/spring-integration-file-4.0.4.RELEASE.jar signing: > lib/spring-context-support-4.0.7.RELEASE.jar signing: > lib/spring-integration-sftp-4.0.4.RELEASE.jar signing: > lib/jsch-0.1.51.jar signing: ams_war.war signing: ams_ejb.jar > signing: log4j.properties jar signed. > > Warning: No -tsa or -tsacert is provided and this jar is not > timestamped. Without a timestamp, users may not be able to validate > this jar after the signer certificate's expiration date > (2016-11-02) or after any future revocation date. Great... now what happens when you try to deploy that? Note that .ear files aren't supported by Tomcat. I seem to recall that EAR files are basically dead, so TomEE might not support them, either. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5jiRAAoJEBzwKT+lPKRY3uoP/1vuurJAN+vBvthZKYfwhgZe J4Fri1VVnu5xDDerLHdCQVsbQX9TFyn1GvW+BJfWUu9JnObTzKdqnHuQrSRdIzcY PIQX1f0XBjai87+ikFWGvZUj1m5q15mcJ45p9IHWTc6hS1gN+n6kcwwNO395QMhB QnowC6vbtOQwCJmMhMqFfhKP+m+QpzW50MHX4DRwAZ+etjZ5qmLRs061Ozw7uKaz 5alhkCohRZ0JYVu7/iuWMbkc5ymQmLtbLlXMpNUsYtd9P+U8xgcArkXcw96rQsSM RAQTuKMEJa0WIEQNtFQLIVo9PrApY9N41bJan0z+Psy/2HXDwS0tyWrF2Vc7bLBn PvVrEjbMf6/cz0QOWoC393+XUyzLiGN4Az5LM7yoSzisTqyZk+hKP21GgPvNTXZP xLhWat2ciZ2O3jjO+vyB5jjZIAJn0LOaymojajgeeb7gv0r8xJ23Y4CjBY9uJ8hh 6kXMkIeuXTuJ1uCnEg4w+bZ64lzPy4TiCCcbdq9nLVIB52+uNJ+rSfsxZrVGfG6e hx0AsUJGX0zSZbNx8pE9OQ+fiH6tHtBE14FJbhpPnBijrPxDbChPXSdxsxdinDZt HZ7afgPOqieCqHru1y9HXh3xSQKgpKgd5blncXrkHlprcezLNDb3hEPMsTtnL1R4 KShNxpMmJk06Q5N6VCP1 =Gd60 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
