更改 jar 过期时间

发布于 2024-10-27 03:38:41 字数 359 浏览 1 评论 0原文

我需要将证书签名的 jar 的到期日期更改为 30 天。因此，我按顺序执行（我为第一个命令提供相关输入）。但是，尽管 -validity 选项指定为 30 天，但 jarsigner 命令表示证书将在 6 个月后过期（默认情况下）。我怎样才能改变这个想法？以下是我使用的命令列表

keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias

原文

I need to change expiry date of jar being signed by a certificate to say 30 days. Hence I execute in sequence (I provide relevant inputs for the first command). But in-spite of the -validity option being given as 30 days, the jarsigner command says the certificate expires after 6 months(which is default). How can I change this any idea ? Below is the list of commands i use

keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

醉城メ夜风 2024-11-03 03:38:41

您的密钥的有效期为 30 天；未指定您生成并使用该密钥签名的证书，因此默认为 180 天。
此处重要的是 -selfcert 命令中指定的 -validity 标志的值。我刚刚测试了这一点：

cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

当浏览器弹出对话框时，我可以验证到期日期是否被列为今天 + 30 天。 jarsigner -verbose -certs -verify myApplet.jar 更加详细，还列出了证书和密钥的摘要：

sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 12/31/11 12:48 PM]

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest

其中 12/31/11 是距我现在测试的 30 天，另一个日期是我创建密钥库后 90 天，我可以使用 keytool -v -list -keystore myKeystore-TEST 进行验证。 keytool 的手册页显示 90 天是密钥的默认期限。

Your key has a validity of 30 days; the certificate that you are generating and signing with that key is not being specified, and so defaults to 180 days.
It is the value of the -validity flag specified in the -selfcert command that is important here. I just tested this:

cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

and when the browser popped up the dialog, I could verify that the expiration date was listed as today+30 days. jarsigner -verbose -certs -verify myApplet.jar is much more verbose, listing summary of the certificate and the key as well:

sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 12/31/11 12:48 PM]

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest

Where 12/31/11 is 30 days from my test now, and the other date is 90 days after I created the keystore, which I can verify with keytool -v -list -keystore myKeystore-TEST. The man page for keytool says 90 days is the default for keys.

回复收藏 0 原文

~没有更多了~