How to create a Java keystorefor plugin signing the easy way      Mikkel Flindt Heisterberg       OnTime by IntraVision
Create the keystore• Use iKeyMan to create the keysore   – <Notes>jvmbinikeyman.exe i.e. C:Notes8jvm     binikeyman.exe• C...
Create self-signed certificate• In ”Personal Certificates” click ”New Self-  Signed...” and fill in the fields.• Make sure...
Verify keystore• In a DOS prompt use the KeyTool from the JDK  to verify the keystore  – If you haven’t got a JDK installe...
Verify keystore
Export certificate• Now export the certificate that is the  certificate to verify jar-file signatures   – Again using the ...
Export certificate
Import the certificate in Domino
Import the certificate in Domino
Import the certificate in Domino
Import the certificate in Domino
Trust• Next steps are to  – Cross certify the imported internet certificate with    your a Notes certifier  – Use policies...
Sign jar-file using keystore• You sign jar-files using the jarsigner.exe tool  from the JDK  – Again you can use the one i...
Sign jar-file using keystore
Upcoming SlideShare
Loading in...5
×

Creating a keystore for plugin signing the easy way

1,992

Published on

How to create a keystore for jar-file signing and how to export the certificate for use with Lotus Domino policies to broadcast the trust to Notes clients.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,992
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
33
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Creating a keystore for plugin signing the easy way

  1. 1. How to create a Java keystorefor plugin signing the easy way Mikkel Flindt Heisterberg OnTime by IntraVision
  2. 2. Create the keystore• Use iKeyMan to create the keysore – <Notes>jvmbinikeyman.exe i.e. C:Notes8jvm binikeyman.exe• Create keystore of type JCEKS and specify a password for the keystore• Note the directory where you create the keystore
  3. 3. Create self-signed certificate• In ”Personal Certificates” click ”New Self- Signed...” and fill in the fields.• Make sure to adjust the validity perido of the certificate• Note the ”Key Label” you specify (here it’s ”signerkey”)• Exit iKeyman
  4. 4. Verify keystore• In a DOS prompt use the KeyTool from the JDK to verify the keystore – If you haven’t got a JDK installed use the one installed with Notes (<Notes>jvmbinkeytool.exe)• C:Notes8jvmbinkeytool.exe -keystore keystore.jck -storetype jceks -list -v
  5. 5. Verify keystore
  6. 6. Export certificate• Now export the certificate that is the certificate to verify jar-file signatures – Again using the keytool as before – This creates mycert.der which is the file you import into Domino Directory• C:Notes8jvmbinkeytool.exe -keystore keystore.jck -storetype jceks –export –file mycert.der –alias signerkey
  7. 7. Export certificate
  8. 8. Import the certificate in Domino
  9. 9. Import the certificate in Domino
  10. 10. Import the certificate in Domino
  11. 11. Import the certificate in Domino
  12. 12. Trust• Next steps are to – Cross certify the imported internet certificate with your a Notes certifier – Use policies (Security settings) to broadcast the internet certificate and cross certification of the internet certificate to Notes clients – The option is on the ”Keys and Certificates” tab under ”Administrative Trust Defaults”
  13. 13. Sign jar-file using keystore• You sign jar-files using the jarsigner.exe tool from the JDK – Again you can use the one installed with the Notes JVM if need be• C:Notes8jvmbinjarsigner.exe -keystore keystore.jck -storetype jceks –signedjar signed.jar myfile.jar signerkey
  14. 14. Sign jar-file using keystore
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×