更改 jar 过期时间

发布于 2024-10-27 03:38:41 字数 359 浏览 5 评论 0原文

我需要将证书签名的 jar 的到期日期更改为 30 天。因此,我按顺序执行(我为第一个命令提供相关输入)。但是,尽管 -validity 选项指定为 30 天,但 jarsigner 命令表示证书将在 6 个月后过期(默认情况下)。我怎样才能改变这个想法?以下是我使用的命令列表

keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias

I need to change expiry date of jar being signed by a certificate to say 30 days. Hence I execute in sequence (I provide relevant inputs for the first command). But in-spite of the -validity option being given as 30 days, the jarsigner command says the certificate expires after 6 months(which is default). How can I change this any idea ? Below is the list of commands i use

keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

醉城メ夜风 2024-11-03 03:38:41

您的密钥的有效期为 30 天;未指定您生成并使用该密钥签名的证书,因此默认为 180 天。
此处重要的是 -selfcert 命令中指定的 -validity 标志的值。我刚刚测试了这一点:

cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

当浏览器弹出对话框时,我可以验证到期日期是否被列为今天 + 30 天。 jarsigner -verbose -certs -verify myApplet.jar 更加详细,还列出了证书和密钥的摘要:

sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 12/31/11 12:48 PM]

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest

其中 12/31/11 是距我现在测试的 30 天,另一个日期是我创建密钥库后 90 天,我可以使用 keytool -v -list -keystore myKeystore-TEST 进行验证。 keytool 的手册页显示 90 天是密钥的默认期限。

Your key has a validity of 30 days; the certificate that you are generating and signing with that key is not being specified, and so defaults to 180 days.
It is the value of the -validity flag specified in the -selfcert command that is important here. I just tested this:

cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

and when the browser popped up the dialog, I could verify that the expiration date was listed as today+30 days. jarsigner -verbose -certs -verify myApplet.jar is much more verbose, listing summary of the certificate and the key as well:

sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 12/31/11 12:48 PM]

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest

Where 12/31/11 is 30 days from my test now, and the other date is 90 days after I created the keystore, which I can verify with keytool -v -list -keystore myKeystore-TEST. The man page for keytool says 90 days is the default for keys.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文