Code signing process changed

Questions and Answers on installation, deployment, management, locking, tranasactions of Servoy Application Server

Code signing process changed

Postby huber » Wed Feb 22, 2017 1:14 pm

Hi All

We got the news that renewing the code certificate, the process has changed (at least when having a certificate form Global Sign). In short, we do not get mailed a .pfx file anymore, but a physical USB stick containing software to get an USB token (whatever that is). But it does not seem to be possible to create a .pfx file and therefor no keystone file. And this is a prerequisite to use the Code Signer developed by Patrick Talbot and brakes the currently used workflow. The process with the USB token using Java Development Kit (suggested) does not allow for multiple .jar files signing, but only one bey one. At least this is our current knowledge as far as we understand it.

Here are two links to this subject (one in german):
https://magazin.sslmarket.de/inpage/cod ... -geregelt/
https://casecurity.org/wp-content/uploa ... igning.pdf

As we are afraid that the Servoy applications will stop working after the expiration date of the certificate, we would be very happy to hear about your experience and help on how to solve that problem as we are quite in a hurry (certificate expiring soon).

Thanks and best regards,
Robert Huber
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
huber
 
Posts: 516
Joined: Mon May 14, 2012 11:31 pm

Re: Code signing process changed

Postby patrick » Wed Feb 22, 2017 1:38 pm

I would call global sign and ask them how to create a java keystore from whatever they shipped.

As a side note: you could consider using our bootstrapper (see https://wiki.servoy.com/pages/viewpage. ... d=23856169). With that, the whole code signing process should be obsolete.
Patrick Ruhsert
Servoy DACH
patrick
 
Posts: 3703
Joined: Wed Jun 11, 2003 10:33 am
Location: Munich, Germany

Re: Code signing process changed

Postby HEKUCH » Wed Feb 22, 2017 6:46 pm

Hi Patrick,

I've been working with bootstrap.jar for a long time and start my smart-client-application with this tool. So far I have signed my jar files anyway. Is it really not necessary with this procedure? If I change the date on my client after the expiration-date from my certificate I get a certificate error. But this is perhaps not the correct way to check this?

Who can I download the latest version of bootstrap.jar ?
Hendrick Kurland

DataBit GmbH
CH-9217 Neukirch an der Thur
HEKUCH
 
Posts: 13
Joined: Thu May 05, 2011 8:02 am

Re: Code signing process changed

Postby patrick » Wed Feb 22, 2017 7:32 pm

With bootstrap Java Web Start only needs to validate the bootstrap.jar and that is signed by Servoy. All the other libraries are then loaded by bootstrap itself (which is the whole point about the bootstrapper). There is no need to download a latest version, as far as I know it ships with Servoy these days.
Patrick Ruhsert
Servoy DACH
patrick
 
Posts: 3703
Joined: Wed Jun 11, 2003 10:33 am
Location: Munich, Germany

Re: Code signing process changed

Postby huber » Fri Feb 24, 2017 6:39 pm

Thanks a lot Patrick for your suggestions. I will try on monday with a certificate from comodo, which seems to offer the current route in some way.

Later on I will try the bootstrap way (when I have a bit more time).

Regards,
Robert

patrick wrote:With bootstrap Java Web Start only needs to validate the bootstrap.jar and that is signed by Servoy. All the other libraries are then loaded by bootstrap itself (which is the whole point about the bootstrapper). There is no need to download a latest version, as far as I know it ships with Servoy these days.
Robert Huber
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
huber
 
Posts: 516
Joined: Mon May 14, 2012 11:31 pm

Re: Code signing process changed

Postby IT2Be » Fri Feb 24, 2017 6:57 pm

Hi Robert,

I worked with Global Sign before and moved to Comodo last year.
The process was smoother than with Global Sign.
Marcel J.G. Trapman (IT2BE)
SAN partner - Freelance Java and Servoy
Servoy Components - IT2BE Plug-ins and Beans for Servoy
ServoyForge - Open Source Components for Servoy
User avatar
IT2Be
Servoy Expert
 
Posts: 4766
Joined: Tue Oct 14, 2003 7:09 pm
Location: Germany

Re: Code signing process changed

Postby huber » Fri Mar 03, 2017 11:02 am

Thanks Marcel. I ordered a Comodo Certificate and it works - getting a .p12 File and being able to further use Patrick Talbots Code Signer.

IT2Be wrote:Hi Robert,

I worked with Global Sign before and moved to Comodo last year.
The process was smoother than with Global Sign.


Regards,
Robert Huber
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
huber
 
Posts: 516
Joined: Mon May 14, 2012 11:31 pm


Return to Servoy Server

Who is online

Users browsing this forum: No registered users and 4 guests