java - Jarsigner: "This jar contains entries whose certificate chain is not validated."

Question

我在自签名 jar 上收到以下错误:

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.

Re-run with the -verbose and -certs options for more details.

我在 jar 上签名是这样的:

"C:\Program Files\Java\jdk1.7.0\bin\jarsigner" -keystore myKeyStore myJar.jar myAlias

我的 jar 有 2 个入口点:一个用于 java web 启动，一个用于 applet。

• 如果我以 java web 启动方式运行 jar，则没有发生。
• 但如果我将 jar 作为小程序运行。当我尝试访问 jar 中嵌入的位图资源时，有时会收到强烈的安全警告。

使用 -verbose 和 -certs 选项会显示很多行。我对此一无所知。这是输出:output.txt (下面转载6307行的一部分)。

s     157850 Tue Nov 08 12:57:44 CET 2011 META-INF/MANIFEST.MF

      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]

      112909 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.SF
        1108 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.RSA
sm       180 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/k.class

      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]

sm       252 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/r.class
...
(around 6000 lines of other output along the same lines)

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning: 
This jar contains entries whose certificate chain is not validated.

如何签署 jar 文件？

Answer 1

我猜只有一行回答了你的问题。如果你仔细观察，你就会看到它。在这里

---

[certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]

正如我所希望的，您知道今天不是 7 月 24 日，因此您只需重新签署您的应用