Servoy Forum

Did someone else have problems in codeSigning VelocityReport?

I have installed the latest VelocityReport Plugin and tried to codesign it.
For velocityreport.jar, I get the messages listed below.
(I did not try to sign the velocityreport folder therefore)

We use Java 8u144 and codeSigner8

I have to admit I am not a real expert in codeSigning.
When I start codeSigner8, there are two messages that bother me too in the Certificate information window:
1) Chain verification: Error
2) Error building certification path: CN=...

Maybe that could be the root cause?

D:\\servoy_testversion\\application_server\\plugins\\velocityreport.jar start processing
D:\\servoy_testversion\\application_server\\plugins\\velocityreport.jar unsigned
D:\\servoy_testversion\\application_server\\plugins\\velocityreport.jar repacked
null
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
...

Hi Bernd,

1) Chain verification: Error

Sounds like your keystore doesn't have a valid chain of trust. Perhaps missing an intermediate certificate? Better check with your certificate provider.

Hope this helps.

Yes that seems to be the case.
But in software business, things do not get rusty and break suddenly.
So some of the involved components must have been changed in the meantime.
Is the intermediate certificate something that can be found in the internet and not on my side? Then it is likely that it does not exist anymore.

Also it could be that the intermediate certificate was invalid all the time, while a previous java version did not care and signed everything anyway.
And now I have a more recent java version which rejects the invalid stuff.

Can you recommend a certificate provider that has most reliable certificats?

CA's can fall out of grace (like Symantec, WoSign and StartCom have in the last couple of months) and therefor their signed certificates as well. What CA do you use?

I use GlobalSign myself.

I bought a Comodo certificate from leaderssl.

An expert from leaderssl guessed that it is a sha1/sha2 problem.

I am wondering about that, because I got my certificate in August 2015, and that should have been already sha2.

I ordered my new certificate now at sslpoint, who sell Comodo certificates.
They have a nice online support center and even offer support in German if requested.

Support worked well when Comodo needed a bit too long to send me the certificate, because Dun&Bradstreet needed time for checking our phone number.
So I can recommend sslpoint.

And as creating a keystore from the certificate is still a sealed book for me, I asked Harjo to help me.