JAR resources in JNLP are not signed by the same certificate

Time: 2021-12-09 11:33:43

I've been working with web start for a couple years now and have experience with signing the jars and whatnot. I am taking my first attempt at deploying an RCP app with web start and though I have in fact signed all of the jars with the same certificate I keep getting this error: 'jar resources in jnlp are not signed by the same certificate'.

Has anyone else come across this? If so, any ideas on how to fix?

6 solutions

#1


When I had similar problems after checking the jars it turned out that some 3rd party jar was signed by someone else.

You should create a separate jnlp file for the jars signed by the other certificate and read this jnlp from your jnlp file:

<resources>
  ...
  <extension name="other" href="other.jnlp"/>
</resources>

Here or here you can find an example.

#2


This may be a stale manifest entry from an already signed jar that you use as a library. I encountered this problem with jogl via webstart. Try this:

Unzip all jars, purge all META-INF directories, jar and sign them again.

#3


I've found that JNLP/Webstart does not like multiple signatures/signing via jarsigner.exe for a given JAR. If a JAR such as BouncyCastle (which comes presigned) is signed again with your Company's certificate, visual inspection leads me to believe that the new Certificate and Signatures are performed properly in the JAR, but that JNLP may be reading only the first (Alphabetical?) signature in the META-INF, and thereby complaining it doesn't match your other JARs (which have only one, Corporate, signature on each JAR).
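
A quick way to find the JARs that answers #1 to #3 describe, as an added example (not code from any of the posters): it lists the signature block files under META-INF/ in each JAR and flags JARs that carry more than one signer or a signer name that differs from the majority. The base name is only jarsigner's default, derived from the keystore alias, so it is a proxy for signer identity; the JAR names and the CORP/VENDOR aliases are constructed, and comparing the actual certificates still needs `jarsigner -verify -verbose -certs` on the flagged files.

```python
import io
import zipfile
from collections import Counter

SIG_BLOCK_EXTS = {"RSA", "DSA", "EC"}  # signature block files written by jarsigner

def signer_names(jar):
    """Base names of the signature block files directly under META-INF/."""
    names = set()
    with zipfile.ZipFile(jar) as zf:
        for entry in zf.namelist():
            folder, _, filename = entry.rpartition("/")
            stem, dot, ext = filename.rpartition(".")
            if folder.upper() == "META-INF" and dot and ext.upper() in SIG_BLOCK_EXTS:
                names.add(stem.upper())
    return tuple(sorted(names))

def audit(jars):
    """Map each suspicious JAR name to a finding; consistent JARs are omitted."""
    signers = {name: signer_names(src) for name, src in jars.items()}
    single = Counter(s for s in signers.values() if len(s) == 1)
    expected = single.most_common(1)[0][0] if single else ()
    findings = {}
    for name, s in signers.items():
        if not s:
            findings[name] = "unsigned"
        elif len(s) > 1:
            findings[name] = "multiple signatures: " + ", ".join(s)
        elif s != expected:
            findings[name] = "different signer: " + s[0]
    return findings

def make_jar(*sig_files):  # constructed in-memory sample JAR, placeholder contents
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for f in sig_files:
            zf.writestr("META-INF/" + f, b"placeholder")
    return buf

def demo():
    return audit({  # all names below are constructed for illustration
        "app.jar": make_jar("CORP.SF", "CORP.RSA"),
        "ui.jar": make_jar("CORP.SF", "CORP.RSA"),
        "lib-resigned.jar": make_jar("VENDOR.SF", "VENDOR.DSA", "CORP.SF", "CORP.RSA"),
        "lib-stale.jar": make_jar("VENDOR.SF", "VENDOR.DSA"),
    })

if __name__ == "__main__":
    print(demo())
```

For real files, pass paths instead of the in-memory samples, for example `audit({p.name: p for p in pathlib.Path("lib").glob("*.jar")})`.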

#4


I had the exact same experience as described by Matthew with the presigned BouncyCastle JARs. However, I found that JRE version 1.6.0_14 and later will gladly accept JARs with multiple signatures (as I would expect). Hence, I did not need to use the JNLP 'component extension mechanism' described above.

PS Did not find any obvious references to this fix in the 1.6.0_14 release notes. However, I have verified that multiple signed JARs work in all later versions (at least 14 - 17 + 24).

#5


See the explanation for one of the FAQ: How do I use multiple JAR files signed by different certificates?

Right solution.

#6


In my project, what happened is that there are a couple of instances in the load balancer pool, there are some instances with an old version of the code and some with a new version. Thus there are certificates not signed by the same certificate...
