Signing custom-truststore.jar with separate code-signing certificate

book

Article ID: 211233

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

We tried to configure the SSL for ASAP, post configuration when we are trying to launch ASAP we are getting error "Unable to launch application: unsigned application"

Cause

The custom-truststore.jar is not been signed correctly or been signed with certificate which doesn't allows code signing.

 

You can validate the same by running command and check section Warning in output for warning "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing"

jarsigner –verify –verbose –certs custom-truststore.jar

Environment

Release : 6.6, 6.7

Component : CA RELEASE AUTOMATION REPOSITORY

Resolution

Firstly, get the certificate whose extended key usage allow code-signing and extract code-signing keystore (JKS) file. The code signing certificate is must for ASAP SSL configuration.

For ASAP configuration please make sure you follow/execute steps mentioned for SSL configuration in documentation, with below mentioned consideration.

  1.  
jarsigner -keystore code-signing.jks -verbose -keypass <password> custom-truststore.jar code-signing-alias