Jarsigner with Timestamping Behind a Firewall

We've supported timestamping in jarsigner for a long time. By providing a -tsa option to the command when signing a jar file, a timestamping block will be added to the signed jar. This makes an application to be accepted by Java Plugin in a future time when the signer's certificate already expires.

In a lot of enterprise environments, you need to go through a firewall to access the Internet, here, the TSA (Time Stamping Authority). We've noticed this some time ago. Therefore, when a connection to the TSA is not available, jarsigner would print out a message like this:

jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall then an HTTP proxy may need to be specified. Supply the following options to jarsigner:
  -J-Dhttp.proxyHost=<hostname>
  -J-Dhttp.proxyPort=<portnumber>
We thought this is very helpful, but there are still some customer feedbacks saying it does not work. It turns out that when a TSA server provides its service through an HTTPS website, in order to specify the proxy setting, you should use another pair of system property names:
  -J-Dhttps.proxyHost=<hostname>
  -J-Dhttps.proxyPort=<portnumber>
Detailed of proxy support in Java can be found here.

In order for people using other languages to reach this page, here are the same messages in Simplified Chinese and Japanese:

jarsigner: 无法对 jar 进行签名: 时间戳颁发机构没有响应。 如果要从防火墙后面连接, 则可能需要指定 HTTP 代理。请为 jarsigner 提供以下选项:
and
jarsigner: jarに署名できません: タイムスタンプ局からのレスポンスがありません。 ファイアウォールを介して接続するときは、必要に応じてHTTPプロキシを指定してください。 jarsignerに次のオプションを指定してください:
(Best wishes for people in Japan. Hope this earthquake/tsunami/nuclear crisis can be over soon.)
Comments:

> Detailed of proxy support in Java can be found here.

This link is defunct. What options do i have to use to provide username and password to the proxy?

Posted by guest on October 28, 2011 at 02:13 PM CST #

Updated.

Posted by Author on May 10, 2012 at 12:17 PM CST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today