[sakai2-tcc] Blocker in the release
Anthony Whyte
arwhyte at umich.edu
Thu May 30 14:30:29 PDT 2013
Downloaded the cert again, deleted contents of keystore, re-imported cert, mailed keystore zip to Matt.
slovo:keystore-20130402 arwhyte$ keytool -list -v -keystore sakai.keystore -alias sakai
Enter keystore password: @#(*$(@)
Alias name: guessme
Creation date: May 30, 2013
Entry type: trustedCertEntry
Owner: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 426c249a122332236c8a8cbba63ea498
Valid from: Tue Apr 02 20:00:00 EDT 2013 until: Tue Jun 24 19:59:59 EDT 2014
Certificate fingerprints:
MD5: F9:DE:77:CB:83:B1:36:DE:B2:E9:24:69:29:14:EA:75
SHA1: C6:50:89:A3:A0:A2:01:98:C6:35:6B:BF:5D:41:28:D7:73:6B:F3:55
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
#3: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
Object Signing
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://cs-g2-crl.thawte.com/ThawteCSG2.crl]
]]
#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
1.3.6.1.4.1.311.2.1.22
]
#6: ObjectId: 2.5.29.4 Criticality=false
On May 30, 2013, at 3:47 PM, Beth Kirschner wrote:
> Hmm. We may have to wait for Anthony or Sam :-/
>
> - Beth
>
> On May 30, 2013, at 3:27 PM, Matthew Jones <matthew at longsight.com> wrote:
>
>> In the zip there are 4 files.
>>
>> 4678 04-03-13 13:32 sakai.cer.pkcs7
>> 1509 04-03-13 15:41 sakai.cer.x509
>> 1047 04-02-13 17:41 sakai.csr
>> 2253 04-02-13 17:39 sakai.keystore
>>
>> There is no crt file. The keystore only contains a private key that seems to only be signed for 3 months. There is nothing else that comes up in the keystore like the old keys.
>>
>> keytool -list -v -keystore sakai.keystore
>>
>> Owner: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
>> Issuer: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
>> Serial number:
>> Valid from: Wed Apr 03 00:39:21 GMT 2013 until: Tue Jul 02 00:39:21 GMT 2013
>>
>> Everything I've tried with keytool and the other files has lead to errors either on the jarsigner or on trying to import it into keytool.
>>
>>
>> On Thu, May 30, 2013 at 3:24 PM, Beth Kirschner <bkirschn at umich.edu> wrote:
>> Here's my notes from doing this sort of thing in the past:
>>
>> # default jre keystore $JAVA_HOME/jre/lib/security/cacerts
>> # default jre keystore password: changeit
>> # importing trusted cert into keystore
>> $ keytool -import -keystore cacerts -file server.crt -alias samigo
>>
>> - Beth
>>
>> On May 30, 2013, at 3:00 PM, Matthew Jones <matthew at longsight.com> wrote:
>>
>>> The release has encountered a snag which I don't have time at the moment to figure out as I have to fly in a few hours.
>>>
>>> The code signing certificate for the samigo audio jar expires in a couple of days and we were going to sign the new release jar with a new key. This key was purchased back in April but I didn't try doing anything with it until today. It looks like it might contain everything that is needed, but the sakai.keystore is incomplete and I don't know how to import the keys into the keystore.
>>>
>>> Anthony did this in the past and prepared this package this time. I have contacted him as well as Sam and I believe both are travelling so this might not be done until tomorrow at this point. This is just a heads up update.
>>>
>>> I'd planned to have this out today, but spent an hour on this already getting nowhere. Either I'm missing a file, the initial private key is wrong, or I'm just not running the right command.
>>>
>>> The 2.9.x nightly will be down and the 2.9.x-all build will not work until this is resolved.
>>> _______________________________________________
>>> sakai2-tcc mailing list
>>> sakai2-tcc at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>
>>
>
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
More information about the sakai2-tcc
mailing list