users@glassfish.java.net

Re: Code-signing for java webstart / 2 certificates in one keystore?

From: Tim Quinn <Timothy.Quinn_at_Sun.COM>
Date: Wed, 17 Sep 2008 09:28:02 -0500

Hello, Jan.

Try this:

You can add certs to the GlassFish keystore. Shing-Wai has written up a
nice blog on this:
http://blogs.sun.com/swchan/entry/how_to_use_verisign_cert

Then, in your domain.xml, either using a text editor or using the admin
console, define the system property

com.sun.aas.jws.signing.alias

so its value is the alias in the keystore of the cert you want your app
client JAR signed with. Whenever GlassFish needs to sign a JAR as part
of the automatic Java Web Start support it will use that alias.

If you hand-edit the domain.xml, DO SO CAREFULLY! Look for the
<jvm-options> entries and add one like this:

<jvm-options>-Dcom.sun.aas.jws.signing.alias=myAlias</jvm-options>

Redeploy your application to trigger signing with the newly-specified alias.

Also, the appserv-jwsacc.jar file which contains the Java Web
Start-aware app client container must also be signed. GlassFish does
this automatically the first time you launch an app client using Java
Web Start after you've created the new domain (which also happens as
part of installation). Look for that file at the top-level of the
java-web-start directory under the domain directory. If that file is
there, rename it to appserv-jwsacc.jar.save (for example). Then the
next time you launch an app client using Java Web Start, GlassFish will
create a new version of the signed appserv-jwsacc.jar using the alias
you set up with the system property.

Please try this and let us know how it goes.

- Tim

glassfish_at_javadesktop.org wrote:
> Hi,
>
> I've a little problem and I hope someone here can provide any help :)
>
> I deployed a business application on GlassFish; the application includes a web client and an application client (Java Web Start), both deployed within one enterprise application.
> The communication has to be SSL secured, so I bought a VeriSign SSL certificate. Now the problem is that the Web Start application cannot be started because the code is not signed. The server.log tells me "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing." The Web Start client tells me about invalid Netscape bits and does not allow the application to start.
>
> I called VeriSign technical support, and the problem is that a certificate can be a code-signing certificate OR an SSL certificate. Not both.
>
> Is there any option to store two certificates in the keystore? In this case, will GlassFish identify the right cert in each case (SSL/code signing) automatically? Or do you see any other option?
>
> Thank you for any help!!
> Jan
> [Message sent by forum member 'jfbs' (jfbs)]
>
> http://forums.java.net/jive/thread.jspa?messageID=299786
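The procedure above has two parts: make sure the alias you point com.sun.aas.jws.signing.alias at really holds a certificate whose ExtendedKeyUsage permits code signing (the SSL cert's serverAuth/clientAuth EKU is exactly what produced Jan's server.log error), and then set that alias as a jvm-options entry in domain.xml. The following script is an added example and not code from this thread or from GlassFish. It assumes a keytool -list -v listing in the usual JDK layout (the listing below is a constructed sample with two aliases, s1as for the SSL cert and myAlias for a separate code-signing cert) and a constructed, minimal domain.xml fragment; a real domain.xml carries far more configuration and a DOCTYPE that ElementTree will not preserve, so treat the rewritten file as a draft to diff against the original rather than something to copy over it blindly.

```python
"""Check that a keystore alias may sign code, then set it as the GlassFish
Java Web Start signing alias in domain.xml.

Added example, not from the original thread. Assumptions: the keytool
listing is a constructed sample in `keytool -list -v` style; the domain.xml
fragment is a constructed minimal sample.
"""
import re
import xml.etree.ElementTree as ET

SIGNING_ALIAS_PROPERTY = "com.sun.aas.jws.signing.alias"

# Constructed sample of `keytool -list -v` output: the VeriSign SSL cert
# under alias "s1as" and a separate code-signing cert under "myAlias".
KEYTOOL_LISTING = """\
Alias name: s1as
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=www.example.com, O=Example GmbH
Extensions:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

*******************************************

Alias name: myAlias
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=Example GmbH Code Signing, O=Example GmbH
Extensions:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
]
"""

# Constructed minimal domain.xml; the real file has much more in it.
DOMAIN_XML = """\
<domain>
  <configs>
    <config name="server-config">
      <java-config java-home="/usr/jdk">
        <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
        <jvm-options>-Dcom.sun.aas.jws.signing.alias=s1as</jvm-options>
      </java-config>
    </config>
  </configs>
</domain>
"""


def parse_eku_by_alias(listing):
    """Map each alias to the set of ExtendedKeyUsage names on its first
    certificate; an alias with no EKU extension maps to None."""
    result, current, in_eku = {}, None, False
    for line in listing.splitlines():
        m = re.match(r"Alias name:\s*(\S+)", line)
        if m:
            current, in_eku = m.group(1), False
            result[current] = None
            continue
        if current is None:
            continue
        if line.strip().startswith("ExtendedKeyUsages ["):
            in_eku, result[current] = True, set()
        elif in_eku:
            if line.strip() == "]":
                in_eku = False
            else:
                result[current].add(line.strip())
    return result


def allows_code_signing(eku):
    """Java's jar signer accepts a cert with no EKU extension at all, or one
    whose EKU lists codeSigning or anyExtendedKeyUsage."""
    return eku is None or bool(eku & {"codeSigning", "anyExtendedKeyUsage"})


def choose_signing_alias(listing, wanted):
    """Return `wanted` if it exists and may sign code, else raise ValueError
    (the check GlassFish only reports after a failed Web Start launch)."""
    ekus = parse_eku_by_alias(listing)
    if wanted not in ekus:
        raise ValueError("alias %r is not in the keystore" % wanted)
    if not allows_code_signing(ekus[wanted]):
        raise ValueError("alias %r EKU %s does not allow code signing"
                         % (wanted, sorted(ekus[wanted])))
    return wanted


def set_signing_alias(domain_xml, alias):
    """Return domain_xml with exactly one signing-alias jvm-options entry
    under every <java-config>, replacing any earlier setting."""
    root = ET.fromstring(domain_xml)
    prefix = "-D%s=" % SIGNING_ALIAS_PROPERTY
    for java_config in root.iter("java-config"):
        for jvm in list(java_config.findall("jvm-options")):
            if (jvm.text or "").startswith(prefix):
                java_config.remove(jvm)
        ET.SubElement(java_config, "jvm-options").text = prefix + alias
    return ET.tostring(root, encoding="unicode")


def configured_signing_alias(domain_xml):
    """Read back the alias currently set in domain_xml, or None."""
    prefix = "-D%s=" % SIGNING_ALIAS_PROPERTY
    for jvm in ET.fromstring(domain_xml).iter("jvm-options"):
        if (jvm.text or "").startswith(prefix):
            return jvm.text[len(prefix):]
    return None


if __name__ == "__main__":
    alias = choose_signing_alias(KEYTOOL_LISTING, "myAlias")
    print(set_signing_alias(DOMAIN_XML, alias))
```

Running the script with "s1as" instead of "myAlias" raises the ValueError before anything is written, which is the point: confirm the EKU up front rather than discovering it from the server.log after a failed launch. After editing domain.xml, the redeploy and the appserv-jwsacc.jar rename described above are still needed so the JARs actually get re-signed with the new alias.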