How do you sign a Java Midlet?

Posted on 2024-08-04 03:40:12 · 76 words · 3 views · 0 comments

A simple question with a fairly complicated answer:

How do you sign a Java Midlet so you can load it onto a mobile phone with less security prompts?

Comments (2)

自我难过 2024-08-11 03:40:12

Get required software

  1. Java SDK (JDK) from Sun (you should already have this)
  2. Java Wireless Toolkit (WTK) also from Sun
  3. Optionally get and install Ant and Antenna to allow you to automate your build (I'd strongly recommend these)

Import an existing certificate (if you have one)

  1. If you've purchased a certificate from Verisign (or another provider) you need to import the certificate into your J2SE keystore.
  2. Try using the following command: `keytool -import -alias {myalias} -file {mycertificate}` (I haven't been able to test this since I don't have a proper certificate)
  3. Run `keytool -list` to see your new certificate
  4. Next you must export the certificate so you can import it to your phone
  5. Run `keytool -export -alias {myalias} -file mycertificate.crt`
  6. Import the certificate into your phone (see below for details)

Create and import a new (test) certificate

  1. You need to use `keytool` (from the JDK)
  2. I used the following command: `keytool -genkey -alias {myalias} -keyalg RSA -validity 365`
  3. This will prompt you for a keystore password, enter your keystore password (if you have an existing keystore) or the one you want to use if you don't have one yet
  4. Fill in all the prompts about location/company name etc.
  5. Run `keytool -list` to see your new certificate
  6. Next you must export the certificate so you can import it to your phone
  7. Run `keytool -export -alias {myalias} -file mycertificate.crt`
  8. Import the certificate into your phone (see below for details)

    C:\j2sdk1.4.2_08\bin>keytool -genkey -alias company -keyalg RSA -validity 365
    Enter keystore password: password
    What is your first and last name? [Unknown]: My Name
    What is the name of your organizational unit? [Unknown]: company
    What is the name of your organization? [Unknown]: company
    What is the name of your City or Locality? [Unknown]: location
    What is the name of your State or Province? [Unknown]: location2
    What is the two-letter country code for this unit? [Unknown]: GB
    Is CN=My Name, OU=company, O=company, L=location, ST=location2, C=GB correct? [no]: yes
    Enter key password for (RETURN if same as keystore password):

Build and package the application

  1. Use `javac` to build your MIDlet, paying special attention to your classpath and bootclasspath options (otherwise preverification will fail). I also set target to 1.1 and source to 1.3
  2. Generate your JAD file. The critical attributes in the JAD are MIDlet-Jar-URL, MIDlet-Jar-Size and MIDlet-Permissions; we also included MIDlet-Icon, MicroEdition-Configuration, MicroEdition-Profile, MIDlet-Name, MIDlet-Push-1, MIDlet-Icon, MIDlet-Description and MIDlet-Version
  3. Generate the MANIFEST.MF file based on your JAD; you must remove MIDlet-Jar-Size and MIDlet-Jar-URL
  4. Both these tasks can be completed using the wtkJad Antenna task
  5. Package and preverify the app using the wtkPackage Antenna task. You must set the classpath and bootclasspath properties correctly, otherwise preverification will fail

Sign the application

  1. Sign the application using `jarsigner`
  2. Run `jarsigner -keystore {mykeystore} -storepass {mypassword} {myjar} {myalias}`
  3. Now you have a signed jar you need to update the MIDlet-Jar-Size in your JAD
  4. Now add the certificate to the JAD using JadTool.jar from the WTK
  5. Run `java -jar JadTool.jar -addcert -alias {myalias} -storepass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}`
  6. Now add the signature to the JAD, again using JadTool.jar
  7. Run `java -jar JadTool.jar -addjarsig -alias {myalias} -jarfile {myjar} -storepass {mypassword} -keypass {mypassword} -keystore {mykeystore} -inputjad {myinputjad} -outputjad {myoutputjad}`

Deployment

  1. Deploy this to a web server with the MIME types set correctly and download it to your phone and it will be a trusted 3rd party application
  2. You can also deploy applications to phones by sending the JAR & JAD to the phone over Bluetooth or Infrared or a cable, depending on your phone's features. On Nokia phones the files appear in your SMS Inbox

Installing the Certificate on the phone

  1. Import the certificate into your phone, in Windows XP SP2 I could do
    this by right clicking the file and selecting "Send to Bluetooth Device",
    you should be able to send files by cable or Infra Red (IR) too. NB: I
    haven't found any way of importing a certificate on a Series 40 phone
  2. Once the certificate is installed it needs to be authorised for
    "Application Installation". On my phone (Nokia 6680) this is under
    Tools->Settings->Certificate Management->Trust Settings, I turned on
    everything but I think "Application Installation" is all you need

Common Problems

  1. Application not installed using the JAD: The application is only trusted if it is installed using the JAD, the application will still install from the jar but it won't be trusted.
  2. Application trust settings not set: Once your application is installed you need to specify how much trust to give it (it doesn't get all permissions by default). On a Nokia Series 60 phone these are found under the App. Manager.
  3. Root certificate missing from phone: The Java Verified certificate and/or Verisign certificates are missing from some phones; check under Tools->Settings->Certificate Management for the relevant certificate
  4. Authorization Failed: There are a whole host of possible reasons behind this; here are the ones I've come across
    1. Certificate missing from phone, double check your certificate is installed and has been marked as trusted for application installs in Certificate Management
    2. Reboot: Uninstall the application completely then reboot your phone; try taking the battery and SIM out too. Often things get themselves in a twist, especially if you've been re-installing a lot without uninstalling first
    3. JAD/JAR mismatch: Double check the application size in the JAD, remember it's the number of bytes that is important NOT the size on disk
    4. Browser cache: If you're installing over the air make sure you clear your browser cache before installing
    5. I've heard but not verified that line breaks in the MIDlet-Permissions can cause problems but it seems ok to me on Nokia 6680/6630/6230i (could be firmware dependent?)
    6. The MIDlet-Permissions attribute is the cause of a lot of problems (especially since the documentation is often wrong/missing or different depending on the phone), try leaving it out first and add permissions in one at a time. Some phones will complain about permissions they don't support, some will ignore them
  5. There is a bug in some early Nokia 6600 firmwares that stops the install of trusted MIDlets
  6. Certificate not valid yet: If you generated the certificate yourself it may have a start validity date of tomorrow, also if your PC and phone dates are different you may be outside the period of validity of the certificate
  7. No certificate management on Series 40 phones, you can install a signed application but behavior is strange with self signed certificates
  8. JadTool problems: I haven't experienced any of these issues but lots of other people have
    1. "I have issues if I try to use the jadtool manually. I have a certificate chain and can't seem to get the second certificate added to the JAD file using any WTK jadtool. The interesting part however is that I can successfully sign the midlet using any of the same WTK GUI interfaces - they add the second certificate correctly. My steps:
      1. Use 1.4.2_06 jarsigner.exe to sign jar
      2. Use WTK (2.2 or 2.3 beta) jadtool to addcert with certnum 1
      3. If I call jadtool to addcert with certnum 2 the same certificate is inserted as cert 1-2 I'm assuming I am doing something incorrectly since the WTK gui seems to be working just fine"
    2. "I received a post on the KVM news group on the topic that states there is a bug in the jadtool and the author claims to have filed a bug report and posted a patch: http://archives.java.sun.com/cgi-bin/wa?A2=ind0508&L=kvm-interest&F=&S=&P=9858 One interesting note that was also posted was that the cert JAD params are static so once you get them from the WTK correctly you can put them statically in the ant script."
    3. "I am trying to sign a MIDlet for Nokia 6620 device. I am using a Verisign Code Signing certificate that actually contains two certificates (User and Intermediate CA). I am using the WTK 2.2 signing tool. Do you know if this tool supports two certificates when signing? The signature is added to the JAD file with two certificates but I have been getting security error when installing. I have checked on the device and there are different root certificates installed for Verisign but it still fails!"
    4. "If you want, you can download the sprintpcs developer kit as it supports dual certs (http://developer.sprintpcs.com). However, I never got that cert to work on the Nokia (6620/cingular) phone, although it does work on sprint phones (with developer root enabled). Ultimately, I only got things to work by creating the cert as described in this blog and installing that on the phone. Bizarrely, even though the root cert for my Verisign-signed cert *was* on the 6620 phone, it still would never install my MIDlet as you would think it should."
  9. Old phones (6230/i, 6682) don't support x509 certificates, WPKI has been suggested as a possible solution but I haven't investigated this
  10. Socket connections can be problematic (http://discussion.forum.nokia.com/forum/showthread.php?t=68306 ) possibly due to the WAP infrastructure and the services provided by an operator. HTTP is a much safer protocol to use
  11. "Go online and check application validity": Yes/No. If I click on the Yes button on the phone I get the following error: "Certificate revoked for this application" and the installation fails. To rectify this go to Tools -> Manager -> Menu -> Settings -> Online Certif Check [On / Off / Required]. There is also a Default address setting. If the online control setting is required, the check will fail if there is no default address. See http://discussion.forum.nokia.com/forum/showthread.php?t=71071

Trust Domains

  1. There are 4 different trust domains in MIDP2 (manufacturer, operator, trusted third party, and untrusted). Trusted Third Party is the only one of any use to us really. It gives the following options on my Nokia 6680 (Vodafone UK):
  2. Network Access: Not Allowed, Ask every time, Ask first time
    Messaging: Not Allowed, Ask every time
    App Auto-Start: Not Allowed, Ask every time, Ask first time
    Connectivity: Not Allowed, Ask every time, Ask first time, Always allowed
    Multimedia: Not Allowed, Ask every time, Ask first time
    Read User Data: Not Allowed, Ask every time, Ask first time, Always allowed
    Edit User Data: Not Allowed, Ask every time, Ask first time, Always allowed

  3. These settings are defined by the operator and the phone manufacturer and therefore vary between phone, manufacturer and operator.

Unresolved Problems

  1. I managed to sign the JAD with this format using J2ME WTK utilities, but when trying to install it on the device I get a message "Application authentication failed 909".

Sample JAD

    MIDlet-Jar-URL: MyApp.jar
    MIDlet-Jar-Size: 201365
    MIDlet-Name: MyApp
    MIDlet-Vendor: EC1M
    MicroEdition-Profile: MIDP-2.0
    MicroEdition-Configuration: CLDC-1.1
    MIDlet-Icon: logo.png
    MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
    MIDlet-Description: MyApp MIDlet
    MIDlet-Permissions: javax.microedition.io.PushRegistry,javax.microedition.io.Connector.sms...
    MIDlet-Version: 1.0.67
    MIDlet-1: MyApp, logo.png,net.ec1m.MyApp.midp.MyAppMIDlet
    MIDlet-Certificate-1-1: MIICODCCAaECBEKqpfswDQYJKoZIhvcNAQEEBQAwYz...=
    MIDlet-Jar-RSA-SHA1: EUsAch/.../hEZOsJsiCjBOhNs/3FSw4=

Sample Manifest

    Manifest-Version: 1.0
    MIDlet-Name: MyApp
    Created-By: 1.4.2_05-b04 (Sun Microsystems Inc.)
    MIDlet-Push-1: sms://:6553,net.ec1m.MyApp.midp.MyAppMIDlet,*
    MIDlet-1: MyApp, logo.png, net.ec1m.MyApp.midp.MyAppMIDlet
    MicroEdition-Configuration: CLDC-1.1
    Ant-Version: Apache Ant 1.6.2
    MIDlet-Icon: logo.png
    MIDlet-Vendor: EC1M
    MIDlet-Permissions: javax.microedition...
    MIDlet-Version: 1.0.67
    MicroEdition-Profile: MIDP-2.0
    MIDlet-Description: MyApp MIDlet

Sample Ant Build File

I've put our EC1M ant build file up on our website to (hopefully) make all this a little easier for you.

Other Resources

This FAQ on the Nokia Forum is worth a read.
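
A pre-install check for several of the "Common Problems" in the answer above (a stale MIDlet-Jar-Size after signing, JAD-only attributes left in the manifest, a missing signature, and the jadtool symptom where the same certificate ends up as both 1-1 and 1-2). This is an added example, not part of the original answer or of the WTK; the function names, finding strings and sample data are assumptions constructed for illustration, and it checks structure only, not the RSA signature itself.

```python
import re

CERT_KEY = re.compile(r"MIDlet-Certificate-(\d+)-(\d+)")
JAD_ONLY = ("MIDlet-Jar-Size", "MIDlet-Jar-URL")  # must not be in MANIFEST.MF

# Constructed sample data (not from the page): stand-in JAR, placeholder blobs.
SAMPLE_JAR = b"PK\x03\x04" + b"\x00" * 96  # 100 bytes
CERT_A, CERT_B, SIG = "Q0VSVC1B", "Q0VSVC1C", "U0lHTkFUVVJF"
SAMPLE_MANIFEST = "Manifest-Version: 1.0\nMIDlet-Name: MyApp\n"


def make_jad(size, certs):
    """Build a constructed JAD declaring `size` bytes and one cert chain."""
    lines = ["MIDlet-Jar-URL: MyApp.jar", "MIDlet-Jar-Size: %d" % size,
             "MIDlet-Name: MyApp", "MIDlet-Jar-RSA-SHA1: " + SIG]
    lines += ["MIDlet-Certificate-1-%d: %s" % (i, c)
              for i, c in enumerate(certs, 1)]
    return "\n".join(lines) + "\n"


def parse_attrs(text):
    """Parse 'Name: value' lines of a JAD or MANIFEST.MF into a dict."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:  # manifest continuation line
            attrs[last] += line[1:].rstrip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip()
            attrs[last] = value.strip()
    return attrs


def lint_suite(jad_text, manifest_text, jar_bytes):
    """Return a list of finding strings; empty means nothing was flagged."""
    jad, manifest = parse_attrs(jad_text), parse_attrs(manifest_text)
    findings = []
    # JAD/JAR mismatch: the declared size must be the signed JAR's byte count.
    declared = jad.get("MIDlet-Jar-Size", "")
    if not declared.isdigit() or int(declared) != len(jar_bytes):
        findings.append("jar-size: JAD declares %r, JAR has %d bytes"
                        % (declared, len(jar_bytes)))
    # The manifest is derived from the JAD minus the JAD-only attributes.
    findings += ["manifest: remove %s" % n for n in JAD_ONLY if n in manifest]
    # A JAD without the signature attribute is treated as unsigned.
    if not jad.get("MIDlet-Jar-RSA-SHA1"):
        findings.append("signature: MIDlet-Jar-RSA-SHA1 missing")
    chains = {}
    for name, value in jad.items():
        m = CERT_KEY.fullmatch(name)
        if m:
            chains.setdefault(int(m.group(1)), {})[int(m.group(2))] = value
    if not chains:
        findings.append("certificate: no MIDlet-Certificate-<n>-<m> attribute")
    for n, certs in sorted(chains.items()):
        if sorted(certs) != list(range(1, len(certs) + 1)):
            findings.append("chain %d: numbering not contiguous from 1" % n)
        # Symptom quoted above: -addcert inserts cert 1-1 again as 1-2.
        if len(set(certs.values())) != len(certs):
            findings.append("chain %d: same certificate repeated" % n)
    return findings


if __name__ == "__main__":
    for finding in lint_suite(make_jad(90, [CERT_A, CERT_A]),
                              SAMPLE_MANIFEST, SAMPLE_JAR):
        print(finding)
```

Run it against the real files by reading the JAD and manifest as text and the signed JAR in binary mode, after the last JadTool step and before copying anything to the phone.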

倥絔 2024-08-11 03:40:12

Step1:
Create CSR request which may be raised by

1) Creating keystore and using that generate CSR file.
2) Perform steps given by certificate authority and download CSR and private key files.

Step2:
Give your information to certificate authority for verification.

Step3:
You will be provided a certificate for code signing.

Step4:
You need to download intermediate certificate along with root certificate.

Step5:
Now you will be having your_domain_name.crt, IntCertCA.crt, TrustedRoot.crt

Now you need to create a chained certificate by combining all above certificates.

1) Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:

    The Primary Certificate - your_domain_name.crt
    The Intermediate Certificate - IntCertCA.crt
    The Root Certificate - TrustedRoot.crt
    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    -----BEGIN CERTIFICATE----- 
    (Your Primary SSL certificate: your_domain_name.crt) 
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    (Your Intermediate certificate: IntCertCA.crt) 
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    (Your Root certificate: TrustedRoot.crt) 
    -----END CERTIFICATE-----

    Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

Step6:
Import private key into your your_domain_name.pem

    openssl pkcs12 -export -in your_domain_name.pem -inkey your_private_key.key -out output_file_name.p12 -name your_alias


    NOTE: PLEASE REMOVE \ FROM FOLLOWING COMMANDS AND EXECUTE ( \ IS BASICALLY COMMAND CONTINUATION )

Step7:
Create keystore from output_file_name.p12

    keytool -importkeystore \
     -deststorepass changeit -destkeypass changeit -destkeystore your_domain_keystore.ks \
     -srckeystore output_file_name.p12 -srcstoretype PKCS12 -srcstorepass your_store_password \
     -alias your_alias

Step8:
NOTE: PLEASE TAKE BACKUP OF YOUR JAD FILE BEFORE TRIGGERING FOLLOWING COMMANDS.

    Add your certificates to your your_midlet_name.jad file.

    java -jar JadTool.jar -addcert -alias your_alias \
    -storepass your_store_password \
    -keystore your_domain_keystore.ks \
    -inputjad your_midlet_name.jad -outputjad your_midlet_name.jad      

Step9:
NOTE: PLEASE TAKE BACKUP OF YOUR JAD FILE BEFORE TRIGGERING FOLLOWING COMMANDS.

    Sign your midlet, also use your_midlet_name.jad file generated from Step8.

    java -jar JadTool.jar -addjarsig \
    -alias your_alias \
    -storepass your_store_password \
    -keypass your_store_password \
    -keystore your_domain_keystore.ks \
    -inputjad your_midlet_name.jad -outputjad your_midlet_name.jad