Re: Certificate of JNLPAppletLauncher
Posted by Sven Gothel on
URL: https://forum.jogamp.org/Certificate-of-JNLPAppletLauncher-tp4025405p4025411.html
On 07/04/2012 08:22 AM, Adrian [via jogamp] wrote:
> Hi i was looking to deploy an applet using JOGl, the webpage starts the applet
> using the JNLPAppletLauncher from applet-launcher.jar int the
> /deployment/webstart directory. When i load my applet i am first prompted to
> accept the main certificate which is fine, but i am also warned that the
> certificate for JNLPAppletLauncher has expired.
>
> Certifacte details:
> Version: V3
> Serial Number: 260553189
> Publisher: PN: Project Jogamp
>
> The email address in the subject field is of michael bein.
>
> Would it be possible to have this certificate updated?
>jogamp.org/deployment/webstart/jar/applet-launcher.jar:
> cd jogamp.org/deployment
> ls -l
webstart -> v2.0-rc9
> cd webstart/jar
> jarsigner -verify -verbose -certs applet-launcher.jar
1864 Wed Jun 20 08:30:52 CEST 2012 META-INF/MANIFEST.MF
1730 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.SF
3779 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.RSA
0 Sat Sep 17 19:42:24 CEST 2011 META-INF/
0 Sat Sep 10 16:19:36 CEST 2011 org/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/util/
sm 3906 Sat Sep 10 16:19:36 CEST 2011 org/COPYRIGHT.txt
X.509, CN=Sven Gothel, OU=Individual Developer, O=No Organization Affiliation, L=Bremerhaven, ST=Bremen, C=DE
[certificate is valid from 2/10/12 1:00 AM to 2/10/14 12:59 AM]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 2/8/10 1:00 AM to 2/8/20 12:59 AM]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 11/17/06 1:00 AM to 7/17/36 1:59 AM]
[KeyUsage extension does not support code signing]
... etc
so I assume your 'cache' is not updated for whatever reason.
Do: 'javaws -uninstall'
> Additionally i was wondering why the main certificate identifies Sven Gothel
> as the publisher rather than Jogamp? (PS, i do realize that Sven is a/the
> major contributor) Personally i would prefer that Jogamp was the publisher (no
> offense Sven).
No offense ..
I tried to have it as 'jogamp.org community' but it's not possible
since we are not [yet] a foundation or company. Only for those it's
possible to have a cert holder name like that, i.e. it must legally exist.
Hence I could only get the 'individual developer' class ..
> I think some users may find a certificate identified as that of
> an individual somewhat suspicious.
Well .. you can have that opinion, sure.
My motivation showing 'jogamp community' is to give the user
a known name they can associate, since I cannot expect them to
know my name :)
> I know the certificate is verified but end
> users may not understand this.
I don't think this is the case, i.e. the name makes a difference here.
However, if there is anybody out there liking to get into the hurdles
of creating 'The JogAmp Foundation' legally in some country .. we can talk
about that.
>
> Thanks in advance, both for any assistance and for JOGL libs (I'm quite
> impressed).
>
You are very welcome.
~Sven
URL: https://forum.jogamp.org/Certificate-of-JNLPAppletLauncher-tp4025405p4025411.html
On 07/04/2012 08:22 AM, Adrian [via jogamp] wrote:
> Hi i was looking to deploy an applet using JOGl, the webpage starts the applet
> using the JNLPAppletLauncher from applet-launcher.jar int the
> /deployment/webstart directory. When i load my applet i am first prompted to
> accept the main certificate which is fine, but i am also warned that the
> certificate for JNLPAppletLauncher has expired.
>
> Certifacte details:
> Version: V3
> Serial Number: 260553189
> Publisher: PN: Project Jogamp
>
> The email address in the subject field is of michael bein.
>
> Would it be possible to have this certificate updated?
>
> cd jogamp.org/deployment
> ls -l
webstart -> v2.0-rc9
> cd webstart/jar
> jarsigner -verify -verbose -certs applet-launcher.jar
1864 Wed Jun 20 08:30:52 CEST 2012 META-INF/MANIFEST.MF
1730 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.SF
3779 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.RSA
0 Sat Sep 17 19:42:24 CEST 2011 META-INF/
0 Sat Sep 10 16:19:36 CEST 2011 org/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/
0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/util/
sm 3906 Sat Sep 10 16:19:36 CEST 2011 org/COPYRIGHT.txt
X.509, CN=Sven Gothel, OU=Individual Developer, O=No Organization Affiliation, L=Bremerhaven, ST=Bremen, C=DE
[certificate is valid from 2/10/12 1:00 AM to 2/10/14 12:59 AM]
X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
[certificate is valid from 2/8/10 1:00 AM to 2/8/20 12:59 AM]
[KeyUsage extension does not support code signing]
X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
[certificate is valid from 11/17/06 1:00 AM to 7/17/36 1:59 AM]
[KeyUsage extension does not support code signing]
... etc
so I assume your 'cache' is not updated for whatever reason.
Do: 'javaws -uninstall'
> Additionally i was wondering why the main certificate identifies Sven Gothel
> as the publisher rather than Jogamp? (PS, i do realize that Sven is a/the
> major contributor) Personally i would prefer that Jogamp was the publisher (no
> offense Sven).
No offense ..
I tried to have it as 'jogamp.org community' but it's not possible
since we are not [yet] a foundation or company. Only for those it's
possible to have a cert holder name like that, i.e. it must legally exist.
Hence I could only get the 'individual developer' class ..
> I think some users may find a certificate identified as that of
> an individual somewhat suspicious.
Well .. you can have that opinion, sure.
My motivation showing 'jogamp community' is to give the user
a known name they can associate, since I cannot expect them to
know my name :)
> I know the certificate is verified but end
> users may not understand this.
I don't think this is the case, i.e. the name makes a difference here.
However, if there is anybody out there liking to get into the hurdles
of creating 'The JogAmp Foundation' legally in some country .. we can talk
about that.
>
> Thanks in advance, both for any assistance and for JOGL libs (I'm quite
> impressed).
>
You are very welcome.
~Sven
signature.asc (910 bytes) | Free forum by Nabble | Edit this page |