[sakai2-tcc] Blocker in the release

Anthony Whyte arwhyte at umich.edu
Thu May 30 14:30:29 PDT 2013 

Downloaded the cert again, deleted contents of keystore, re-imported cert, mailed keystore zip to Matt.  

slovo:keystore-20130402 arwhyte$ keytool -list -v -keystore sakai.keystore -alias sakai
Enter keystore password: @#(*$(@)  
Alias name: guessme
Creation date: May 30, 2013
Entry type: trustedCertEntry

Owner: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 426c249a122332236c8a8cbba63ea498
Valid from: Tue Apr 02 20:00:00 EDT 2013 until: Tue Jun 24 19:59:59 EDT 2014
Certificate fingerprints:
	 MD5:  F9:DE:77:CB:83:B1:36:DE:B2:E9:24:69:29:14:EA:75
	 SHA1: C6:50:89:A3:A0:A2:01:98:C6:35:6B:BF:5D:41:28:D7:73:6B:F3:55
	 Signature algorithm name: SHA1withRSA
	 Version: 3

Extensions: 

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

#3: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   Object Signing
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://cs-g2-crl.thawte.com/ThawteCSG2.crl]
]]

#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
  1.3.6.1.4.1.311.2.1.22
]

#6: ObjectId: 2.5.29.4 Criticality=false





On May 30, 2013, at 3:47 PM, Beth Kirschner wrote:

> Hmm. We may have to wait for Anthony or Sam :-/
> 
> - Beth
> 
> On May 30, 2013, at 3:27 PM, Matthew Jones <matthew at longsight.com> wrote:
> 
>> In the zip there are 4 files.
>> 
>>     4678  04-03-13 13:32   sakai.cer.pkcs7
>>     1509  04-03-13 15:41   sakai.cer.x509
>>     1047  04-02-13 17:41   sakai.csr
>>     2253  04-02-13 17:39   sakai.keystore
>> 
>> There is no crt file. The keystore only contains a private key that seems to only be signed for 3 months. There is nothing else that comes up in the keystore like the old keys.
>> 
>> keytool -list -v -keystore sakai.keystore
>> 
>> Owner: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
>> Issuer: CN=Sakai Foundation, OU=Sakai Project, O=Sakai Foundation, L=Ann Arbor, ST=Michigan, C=US
>> Serial number:
>> Valid from: Wed Apr 03 00:39:21 GMT 2013 until: Tue Jul 02 00:39:21 GMT 2013
>> 
>> Everything I've tried with keytool and the other files has lead to errors either on the jarsigner or on trying to import it into keytool.
>> 
>> 
>> On Thu, May 30, 2013 at 3:24 PM, Beth Kirschner <bkirschn at umich.edu> wrote:
>> Here's my notes from doing this sort of thing in the past:
>> 
>>   # default jre keystore $JAVA_HOME/jre/lib/security/cacerts
>>   # default jre keystore password: changeit
>>   # importing trusted cert into keystore
>>   $ keytool -import -keystore cacerts -file server.crt -alias samigo
>> 
>> - Beth
>> 
>> On May 30, 2013, at 3:00 PM, Matthew Jones <matthew at longsight.com> wrote:
>> 
>>> The release has encountered a snag which I don't have time at the moment to figure out as I have to fly in a few hours.
>>> 
>>> The code signing certificate for the samigo audio jar expires in a couple of days and we were going to sign the new release jar with a new key. This key was purchased back in April but I didn't try doing anything with it until today. It looks like it might contain everything that is needed, but the sakai.keystore is incomplete and I don't know how to import the keys into the keystore.
>>> 
>>> Anthony did this in the past and prepared this package this time. I have contacted him as well as Sam and I believe both are travelling so this might not be done until tomorrow at this point. This is just a heads up update.
>>> 
>>> I'd planned to have this out today, but spent an hour on this already getting nowhere. Either I'm missing a file, the initial private key is wrong, or I'm just not running the right command.
>>> 
>>> The 2.9.x nightly will be down and the 2.9.x-all build will not work until this is resolved.
>>> _______________________________________________
>>> sakai2-tcc mailing list
>>> sakai2-tcc at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>> 
>> 
> 
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc

More information about the sakai2-tcc mailing list