8

Is it possible to use a server certificate to sign a Java Web Start app? What I want to know is whether it will work. I have a trusted certificate for my server, and I would like to reuse the same certificate to sign an app.

Right now, I have this warning:

This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing. This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.

Will I be able to launch my app without the warning that the certificate is not trusted?

Miguel Ping
  • Did it work in your case? I mean using an SSL certificate taken for a website for JAR signing as well. Your experience will help a lot :) – Amogh Aug 30 '16 at 09:36
  • @Amogh SSL certs are for websites/webapps that communicate through https. For standalone apps you need a different cert. – Miguel Ping Sep 01 '16 at 07:49

2 Answers

12

You will get a warning if you don't use a code signing certificate. For most CAs, a code signing cert costs more than the server cert. In my opinion, this is just a marketing scheme to make you pay for another cert. There is no technical difference between the two certs. Some CAs may provide combo deals with usage for both.

ZZ Coder
  • I already get a warning when signing the jars. You mean I will get a warning when running the app? – Miguel Ping Sep 30 '09 at 13:10
  • You will get a notification when you run the JAR even if you use the correct cert. But you will get a warning on top of that in your case. Unfortunately, most users don't see the difference :( – ZZ Coder Sep 30 '09 at 14:40
  • 2
    You'll need a real code signing cert. See http://stackoverflow.com/questions/155241/cheapest-java-code-signing-certificate-not-self-signed for great advice on where to obtain them for cheap. – CarlG Oct 22 '09 at 03:32
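The first warning in the question refers to the certificate's ExtendedKeyUsage (EKU) extension. The following is an added example, not code from either answer or from the JDK: it reads a certificate's EKU with the standard `X509Certificate` API and reports whether code signing is among the permitted purposes. The class and method names are hypothetical, the sample OID lists are constructed, and treating an absent extension as unrestricted follows the RFC 5280 semantics.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

public class CodeSigningEkuCheck {
    static final String CODE_SIGNING = "1.3.6.1.5.5.7.3.3"; // id-kp-codeSigning
    static final String SERVER_AUTH  = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    static final String CLIENT_AUTH  = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    static final String ANY_EKU      = "2.5.29.37.0";       // anyExtendedKeyUsage

    // ekuOids is the value of X509Certificate.getExtendedKeyUsage():
    // null when the extension is absent (no restriction), else the permitted purposes.
    static boolean ekuAllowsCodeSigning(List<String> ekuOids) {
        return ekuOids == null || ekuOids.contains(CODE_SIGNING) || ekuOids.contains(ANY_EKU);
    }

    // keyUsage is the value of getKeyUsage(): null when absent, bit 0 = digitalSignature.
    static boolean keyUsageAllowsSigning(boolean[] keyUsage) {
        return keyUsage == null || (keyUsage.length > 0 && keyUsage[0]);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // check a real certificate file (PEM or DER)
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println("Subject: " + cert.getSubjectX500Principal());
                System.out.println("EKU OIDs: " + cert.getExtendedKeyUsage());
                System.out.println("EKU allows code signing: "
                        + ekuAllowsCodeSigning(cert.getExtendedKeyUsage()));
                System.out.println("KeyUsage allows signing: "
                        + keyUsageAllowsSigning(cert.getKeyUsage()));
            }
            return;
        }
        // Constructed sample EKU lists (not taken from any real certificate).
        List<String> tlsServerCert = Arrays.asList(SERVER_AUTH, CLIENT_AUTH);
        List<String> codeSigningCert = Arrays.asList(CODE_SIGNING);
        System.out.println("TLS server cert:   " + ekuAllowsCodeSigning(tlsServerCert));
        System.out.println("code signing cert: " + ekuAllowsCodeSigning(codeSigningCert));
        System.out.println("no EKU extension:  " + ekuAllowsCodeSigning(null));
    }
}
```

Run it with no arguments to see the constructed cases, or pass the path of an exported certificate file to inspect it before signing.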
0

I assume you have created the JKS file using the KEY and CRT of your SSL, and hence you get the error.

I have a simple solution here:

As you know you can create a JKS using the following command

keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias

and when you use this JKS you get a self-signed certification message, which is absolutely fine to make the app live at the Google Play Store. But buying a code signing certificate is good if you can afford it.