Verisign trial Cert

For Update Center project we plan to sign the hosted jars and they are verified on the client side. This way only trusted jars can be downloaded and installed by the GlassFish Users. I wanted to test this code with a trial certificate. Verisign makes this process very easy.

The list of SSL certficate packages are available on verisign website . I clicked on the Trial button to generate a trial certficate. Once the contact information is filled out. A form is shown asking the type of server platform, use of the certficate and the CSR. The following steps create the CSR. First a key pair needs to be generated. The following generates a key name "mykey" in the specified mykeystore file.

chandu(sv96363):~ -> keytool -genkey -keystore ~/public_html/mykeystore -keyalg rsa -alias mykey
Enter keystore password:  changeit
What is your first and last name?
 [Unknown]:  www.java.net
What is the name of your organizational unit?
 [Unknown]:  Application Server
What is the name of your organization?
 [Unknown]:  Sun
What is the name of your City or Locality?
 [Unknown]:  Santa Clara
What is the name of your State or Province?
 [Unknown]:  California
What is the two-letter country code for this unit?
 [Unknown]:  US
Is CN=www.java.net, OU=Application Server, O=Sun, L=Santa Clara, ST=California, C=US correct?
 [no]:  yes

Enter key password for <mykey>
       (RETURN if same as keystore password):
 Then the CSR is obtained as follows:

chandu(sv96363):~ -> keytool -certreq -keystore ~/public_html/mykeystore -alias mykey

Enter keystore password: changeit

-----BEGIN NEW CERTIFICATE REQUEST----- MIICdzCCAjUCAQAwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQHEwtTYW50YSBD bGFyYTEMMAoGA1UEChMDU3VuMRswGQYDVQQLExJBcHBsaWNhdGlvbiBTZXJ2ZXIxFjAUBgNVBAMT DVVwZGF0ZSBDZW50ZXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQ IsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCX YFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZ V4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7 YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYBy4ONz1v6OT+JT23T+ TPDvI0gjREzrXfampRS93eEYzXxfcVDjfSPa1QvugG7puBaK/ZCVYg5ewEHSG2YBL+VV8ix6XWLQ l2p4cGuiabimuwbVrHgL9fr0vpxA3+uPVrHVI3/+34kvzp8+rdWYMCunw/xsRajzt9mrr5Srs+ZY KqAAMAsGByqGSM44BAMFAAMvADAsAhRXvF8S8VIqiyPkAtRMfwdi/uvluwIULtTEGcqgM97tgEZ7 GprfupartWw= -----END NEW CERTIFICATE REQUEST----- 

 Almost immediately I got an email containing my trial cert. I saved the trial cert as uc_cert.cer. I import this trial certificate along with <a href="http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html"> trial Root CA</a> certifcate.

keytool –import –trustcacerts –keystore ~/public_html/mykeystore  -alias mykey -file ~/public_html/uc_cert.cer
keytool –import –trustcacerts –keystore ~/public_html/mykeystore  -alias mykey -file ~/public_html/trial_root.cer
 

Now a jar file can be signed as follows:

jarsigner Test.jar mykey

Then it can be verified as follows:

jarsigner -verify -verbose -certs Test.jar


Comments:

Post a Comment:
Comments are closed for this entry.
About

sv96363

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today