I have valid COMODO certificate which I use to sign DLLs. I now need to sign applet.jar and for this I used this command:
jarsigner "PATH_TO\my.jar" -storetype pkcs12 -keystore "PATH_TO\cert.pfx" 1 -tsa http://sha256timestamp.ws.symantec.com/sha256/timestamp
As result I get warning:
The signer's certificate chain is not validated.
And my applet is considered as self-signed. I found this solution: The signer’s certificate chain is not validated and the same here, but now when I try to sign jar with exported certificate I get this error:
jarsigner error: java.lang.RuntimeException: keystore load: Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
I tried to add this to command line -sigalg SHA256withRSA -digestalg SHA256 but nothing changed.
Can anybody help with this issue? Thanks in advance.
I solved my problem by solution from original question, BUT key point is that you can NOT use Windows 10 for this trick, I used Windows 7 and it works just fine.
Why? no idea...
Related
After signing my Application using Test certificate (pfx) with signtool when I try to verify using signtool verify I am getting below error code
SignTool Error: WinVerifyTrust returned error: 0x80096019
A certificate's basic constraint extension has not been observed.
I have Tried to other exe with the same cert still the same Issue?
I have tried different certificates with the same exe still the same Issue?
I have searched on the Internet I couldn't find a source or Link. Any Help would be much appreciated?
You maybe use a CA certificate to sign. A CA certificate should issue a Code Signing certificate so you need a second certificate to sign your executable (Basic Constraints = LIMITED to 0 or false) that is then used to sign the executable.
This second code signing certificate is signed with the CA certificates private key.
after importing the der file to the key store as follow
keytool -keystore my-release-key.keystore -importcert
-file ~/Downloads/upload_cert.der -alias uploadcert
I get an error when trying to assemble release APK
trusted certificate entries are not password-protected
If I add
-protected
to the import, I geth
keytool error: java.lang.IllegalArgumentException: password can't be null
and if I pass the password after -protected I get usage help message.
not sure how to pass the password.
Any idea if I am on the right path to sign with google upload certificate der file ?
Got the same problem and password can't be null problem may be passed by editing the comment like:
keytool -keystore parkimayaz.keystore -importcert -file
~/Downloads/upload_cert.der -alias uploadcert -keypass "yourpass" -
storepass "yourpass"
Another info I used characters like (',#,^) on the password part which gave me some errors.
also please take a look at oracle keytool docs
I have a p12 file, 'test.p12,' that has a certificate, the CA cert (self-signed), and private key for the certificate. The p12 file is generated using the BouncyCastle's C# API.
When trying to import the certificate by using 'CertUtil', i.e., 'CertUtil -f -p password -importpfx test.p12,' CertUtil generates the following error:
CertUtil: -importPFX command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
CertUtil: Keyset does not exist
Any clues as to what may be wrong? (I'm using Windows 10)
Using openssl, I can see that 'test.p12' does include the certificate, CA cert, and private key. The certificate is using an EC keypair, but I doubt that's a problem since I have a reference p12 file that uses the same algorithm and is imported by CertUtil without problem. Unfortunately, I have no detail on how the reference file is generated.
In my google searches, many seem to suggest that this may be a permission problem, but I doubt that's the case as I'm running the CertUtil as the Administrator.
When importing the same file using 'MMC' with the certificate snap-ins, the certificate is "successfully" imported if I force the MMC to store it in a specific store, e.g., Personal; otherwise, it prompts to select a Smart Card for the certificate. Could this be a related problem?
Thanks,
--Hyong
I have uploaded an app on Google Play, unfortunately I have lost certificate of the uploaded app but I have password of the app. Now I want to upload new version of the app but I have no certificate, is there any way to recover the certificate of the app and upload the newer version of the app. Please help me in this respect, your help would be cordially appreciated. Thanks in advance.
1)Generate new certificate:
keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias
2) Convert to .pem:
keytool -export -rfc -alias my-alias -file upload_certificate.pem -keystore my-release-key.jks
3) Send .pem to Contact Form:
General issues - Play Console Help
it takes 2 busines days to answer but this is the way if you dont want to re publish your app ;)
then you can sign your apk as you do before
(for me)
zipalign -v 4 android-release-unsigned.apk HelloWorld.apk
ReadMore
Manage your app signing keys
Now it is possible with Google Play App Signing
A short description
Users are installing apk with own google signing when you have uploaded previously with custom sign to google play
And if you didn't enable this feature there is an opportunity to take it now but with the help of google support team
You cannot recover the certificate if you lost it.
That's the point of the certificate, it behaves like a (private) key in real life. If you lose the key and its copies, then you have to change the lock.
I am trying to upload my app to. After tip Archive,it shows :Code Sign error: The default keychain doesn't have an identity matching the profile 'submitsearch' and identity 'iPhone Developer.
Which step may be wrong?
thanks
More than one thing can cause this problem:
Wrong profile/certificate used
Wrong export password
Expired certificate/profile
Apple changed something on their side
I find the best way to fix it is generating both certificate and profile again.
In my case it is due to not attaching key to p12 file.
for windows I simply run following command in openSSL:
pkcs12 -export -inkey privatekey.key -in ios_development.pem -out ios_development.p12
Its work for me.
You can find the solution on this link :
Default keychain problem
You just have to make a difference between the Distribution Provisoning Profile and the Development Provisioning Profile.
The Main Difference between Distrib and Dev