Signing custom-truststore.jar with separate code-signing certificate
search cancel

Signing custom-truststore.jar with separate code-signing certificate


Article ID: 211233


Updated On:


CA Release Automation - Release Operations Center (Nolio)


We tried to configure the SSL for ASAP, post configuration when we are trying to launch ASAP we are getting error "Unable to launch application: unsigned application"


Release : 6.x



The custom-truststore.jar is not been signed correctly or been signed with certificate which doesn't allows code signing.


You can validate the same by running command and check section Warning in output for warning "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing"

jarsigner –verify –verbose –certs custom-truststore.jar


Firstly, get the certificate whose extended key usage allow code-signing and extract code-signing keystore (JKS) file. The code signing certificate is must for ASAP SSL configuration.

For ASAP configuration please make sure you follow/execute steps mentioned for SSL configuration in documentation, with below mentioned consideration. The summary of step will be as below

  1. keytool -exportcert -alias ALIAS -file code-signingms.crt -keystore conf/code-signing-keystore.jks  -v
  2. keytool -importcert -alias ALIAS -file code-signingms.crt -keystore nolio.jks -v -rfc
  3. jar cvf custom-truststore.jar nolio.jks
  4. jarsigner -keystore conf/code-signing-keystore.jks -verbose  -keypass <password> custom-truststore.jar ALIAS
  5. For verification only: jarsigner –verify –verbose –certs custom-truststore.jar
  6. Move the custom-truststore.jar file to RA_HOME\webapps\nolio-app\apps\v2.0.0\lib
  7. Create or edit the file that is named at RA_HOME\conf and populate the file with the following line: The password below should be the one used in step 3

ui.trustStorePassword=<Plain text password for nolio.jks> 


Additional Information

Release Automation 6.7 the ASAP (Automation Studio) java-based client has been deprecated. All functionality has been moved into the browse based ROC (Release Operations Center). 
If you only use ROC over SSL (and not ASAP), then you do not need the jarsigner step.