
Code signing process changed

Posted: Wed Feb 22, 2017 1:14 pm
by huber
Hi All

We got the news that, when renewing the code certificate, the process has changed (at least when having a certificate from Global Sign). In short, we do not get mailed a .pfx file anymore, but a physical USB stick containing software to get a USB token (whatever that is). But it does not seem to be possible to create a .pfx file and therefore no keystore file. This is a prerequisite to use the Code Signer developed by Patrick Talbot, and it breaks the currently used workflow. The process with the USB token using the Java Development Kit (suggested) does not allow for signing multiple .jar files, only one by one. At least this is our current knowledge as far as we understand it.

Here are two links to this subject (one in German):
https://magazin.sslmarket.de/inpage/cod ... -geregelt/
https://casecurity.org/wp-content/uploa ... igning.pdf

As we are afraid that the Servoy applications will stop working after the expiration date of the certificate, we would be very happy to hear about your experience and help on how to solve that problem as we are quite in a hurry (certificate expiring soon).

Thanks and best regards,
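
An added example, not part of the original thread and not code from any poster or from Servoy: a shell function that signs every JAR in a directory with a key held on a USB token, which is the one-by-one step described in the post above. It assumes JDK 8's `jarsigner` with the SunPKCS11 provider; the config file path, the key alias and the `TOKEN_PIN` variable name are placeholders chosen for illustration.

```shell
# Added example: sign every JAR in a directory with a key held on a USB token.
# Assumptions (none come from the thread): JDK 8 jarsigner, a SunPKCS11 config
# file naming the token vendor's PKCS#11 library, and the key alias on the token.
PKCS11_CFG="${PKCS11_CFG:-./token-pkcs11.cfg}"   # placeholder path
ALIAS="${ALIAS:-codesign}"                       # placeholder alias
JARSIGNER="${JARSIGNER:-jarsigner}"

# sign_dir DIR: signs DIR/*.jar and prints the number of JARs signed.
# The PIN is taken from the TOKEN_PIN environment variable, so it is entered
# once and never appears on a command line (visible in the process list).
sign_dir() {
  dir=$1
  signed=0
  if [ -z "${TOKEN_PIN:-}" ]; then
    echo "TOKEN_PIN is not set" >&2
    return 2
  fi
  for jar in "$dir"/*.jar; do
    [ -f "$jar" ] || continue          # the glob matched nothing
    # Stop at the first failure: many tokens lock after a few wrong PIN
    # attempts, and a loop would repeat the same wrong PIN for every JAR.
    if ! "$JARSIGNER" -keystore NONE -storetype PKCS11 \
         -providerClass sun.security.pkcs11.SunPKCS11 \
         -providerArg "$PKCS11_CFG" \
         -storepass:env TOKEN_PIN \
         "$jar" "$ALIAS" >&2; then
      echo "signing failed for $jar, stopping" >&2
      return 1
    fi
    signed=$((signed + 1))
  done
  echo "$signed"
}

# Typical interactive use (commented out so loading the file has no side effects):
#   stty -echo; read -r TOKEN_PIN; stty echo; export TOKEN_PIN
#   sign_dir ./lib; unset TOKEN_PIN
```
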

Re: Code signing process changed

Posted: Wed Feb 22, 2017 1:38 pm
by patrick
I would call Global Sign and ask them how to create a Java keystore from whatever they shipped.

As a side note: you could consider using our bootstrapper (see https://wiki.servoy.com/pages/viewpage. ... d=23856169). With that, the whole code signing process should be obsolete.

Re: Code signing process changed

Posted: Wed Feb 22, 2017 6:46 pm
by HEKUCH
Hi Patrick,

I've been working with bootstrap.jar for a long time and start my smart client application with this tool. So far I have signed my jar files anyway. Is it really not necessary with this procedure? If I change the date on my client to after the expiration date of my certificate, I get a certificate error. But this is perhaps not the correct way to check this?

Where can I download the latest version of bootstrap.jar?

Re: Code signing process changed

Posted: Wed Feb 22, 2017 7:32 pm
by patrick
With bootstrap Java Web Start only needs to validate the bootstrap.jar and that is signed by Servoy. All the other libraries are then loaded by bootstrap itself (which is the whole point about the bootstrapper). There is no need to download a latest version, as far as I know it ships with Servoy these days.

Re: Code signing process changed

Posted: Fri Feb 24, 2017 6:39 pm
by huber
Thanks a lot Patrick for your suggestions. I will try on Monday with a certificate from Comodo, which seems to offer the current route in some way.

Later on I will try the bootstrap way (when I have a bit more time).

Regards,
Robert

patrick wrote:With bootstrap Java Web Start only needs to validate the bootstrap.jar and that is signed by Servoy. All the other libraries are then loaded by bootstrap itself (which is the whole point about the bootstrapper). There is no need to download a latest version, as far as I know it ships with Servoy these days.

Re: Code signing process changed

Posted: Fri Feb 24, 2017 6:57 pm
by IT2Be
Hi Robert,

I worked with Global Sign before and moved to Comodo last year.
The process was smoother than with Global Sign.

Re: Code signing process changed

Posted: Fri Mar 03, 2017 11:02 am
by huber
Thanks Marcel. I ordered a Comodo certificate and it works: I got a .p12 file and am able to keep using Patrick Talbot's Code Signer.

IT2Be wrote:Hi Robert,

I worked with Global Sign before and moved to Comodo last year.
The process was smoother than with Global Sign.


Regards,