How to create a Java keystore for plugin signing the easy way Mikkel Flindt Heisterberg OnTime by IntraVision
Creating a keystore for plugin signing the easy way
May 10, 2015
How to create a keystore for jar-file signing and how to export the certificate for use with Lotus Domino policies to broadcast the trust to Notes clients.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
How to create a Java keystore for plugin signing the easy way
Mikkel Flindt HeisterbergOnTime by IntraVision
Create the keystore• Use iKeyMan to create the keysore– <Notes>\jvm\bin\ikeyman.exe i.e. C:\Notes8\jvm\
bin\ikeyman.exe• Create keystore of
type JCEKS and specify a password for the keystore
• Note the directory where you create the keystore
Create self-signed certificate• In ”Personal Certificates” click ”New Self-
Signed...” and fill in the fields. • Make sure to adjust the
validity perido of the certificate
• Note the ”Key Label” you specify (here it’s”signerkey”)
• Exit iKeyman
Verify keystore• In a DOS prompt use the KeyTool from the JDK
to verify the keystore– If you haven’t got a JDK installed use the one
installed with Notes (<Notes>\jvm\bin\keytool.exe)
• C:\Notes8\jvm\bin\keytool.exe -keystore keystore.jck -storetype jceks -list -v
Verify keystore
Export certificate• Now export the certificate that is the
certificate to verify jar-file signatures– Again using the keytool as before– This creates mycert.der which is the file you
import into Domino Directory
• C:\Notes8\jvm\bin\keytool.exe -keystore keystore.jck -storetype jceks –export –file mycert.der –alias signerkey
Export certificate
Import the certificate in Domino
Import the certificate in Domino
Import the certificate in Domino
Import the certificate in Domino
Trust• Next steps are to– Cross certify the imported internet certificate with
your a Notes certifier– Use policies (Security settings) to broadcast the
internet certificate and cross certification of the internet certificate to Notes clients
– The option is on the ”Keys and Certificates” tab under ”Administrative Trust Defaults”
Sign jar-file using keystore• You sign jar-files using the jarsigner.exe tool
from the JDK– Again you can use the one installed with the Notes
JVM if need be
• C:\Notes8\jvm\bin\jarsigner.exe -keystore keystore.jck -storetype jceks –signedjar signed.jar myfile.jar signerkey
Sign jar-file using keystore
Related Documents
![MSc System and Network Engineering - de Laata hardware-backed Keystore service to the Android OS [15]. The Keystore consists of multiple components, two of which are [16]: 1.Keymaster](https://static.cupdf.com/doc/110x72/5f0668217e708231d417d691/msc-system-and-network-engineering-de-laat-a-hardware-backed-keystore-service.jpg)
