'Can not verify rule set jar

Another try to open a message here

My company wants to use the deployment rule set for multiple java versions usage.

Currenly we have 1.6.0_13, 1.7.0_51 and 1.8.0_66 Java 8 is what selected in the System tab of the java control home User tab consists of java 6, 7 and 8

all the settings in deployment.properties are default and point to correct locations or values

env variables set java_home ="C:\Program Files (x86)\Java\jdk1.8.0_66\bin" path = set to correct locations

The steps i followed are below,

  1. create the keystore keytool -genkey -dname "cn=drstest, ou=abac, o=mycompany, c=SE" -keyalg RSA -keysize 2048 -alias testsign -keypass password -keystore mykeystore.jks -storepass password -validity 1460

  2. downloaded the csr file keytool -certreq -alias testsign -file certreq.csr -keystore mykeystore.jks -storepass password

  3. Used the csr file and sent it to my company's CA for signing.

  4. Received two files: cer and p7b files from CA

  5. Import CSR reply: keytool -import -trustcacerts -file certnew.p7b -alias testsign -keystore mykeystore.jks -storepass password

  6. Downloaded and added required certificates of the chain in the keystore.

  7. created the ruleset.xml

  8. created the jar file using jar.exe jar.exe -cvf DeploymentRuleSet.jar ruleset.xml

  9. signed the jar file the keystore jarsigner -keystore mykeystore.jks DeploymentRuleSet.jar testsign

  10. added the time stamp jarsigner -verbose -keystore mykeystore.jks -storepass password -keypass password -tsa http://timestamp.comodoca.com/rfc3161 DeploymentRuleSet.jar testsign -J-Dhttp.proxyHost=xxx.xxx.COM -J-Dhttp.proxyPort=8080

  11. Placed the DeploymentRuleSet.jar in the C:\Windows\Sun\Java\Deployment folder

Now when i test using the java control home Control panel -> Java -> Security tab -> View active deployment rule set ->

i get the message as "DeploymentRuleset.jar is invalid" "Can not verify rule set jar"

I can see my certificate in the "View Certificate details"

Now i have spents so many hrs and have gone through so many webpages, and still dont know why it is invalid.

This is not rocket science, but still i am stuck.

Can some one point out where i am going wrong.

********* i am not sure if there are any steps for cacerts file, if i have missed something for cacerts please guide me*************

Regards



Solution 1:[1]

Try this,

either use an older JDK to sign your DSR jar ... for example the 1.6.0_13 JDK

OR

with your newer JDK add this to your jarsigner command -tsadigestalg SHA1

jarsigner -tsadigestalg SHA1 -verbose -keystore mykeystore.jks -storepass password -keypass password -tsa http://timestamp.comodoca.com/rfc3161 DeploymentRuleSet.jar testsign -J-Dhttp.proxyHost=xxx.xxx.COM -J-Dhttp.proxyPort=8080

Oracle mentions something about it in this article

Java SE from 7 Update 76 and Earlier Throws a JARSigningException with Jar Files Signed Using the '-tsa' Option by Versions of Java SE 8u92-b31 and Later(2191197.1) https://support.oracle.com/epmos/faces/DocContentDisplay?id=2191197.1

Its what worked for me

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 KingBain