We have Microsoft Authenticode certificates purchased from Thawte (.cer, pvk and spc files) and want to reuse them to sign Java JAR files. See http://www.thawte.com/code-signing/index.html. In other words, I do not want to make a second (and unnecessary) purchase - to buy the Java code signing certs also listed below on that page. Note: Thawte allows this but will not support it.
Thawte_Code_Signing_Intermediate_CA.cer, Thawte_Primary_Intermediate_Root_CA.cer, Thawte_Primary_Root_CA_Cross.cer
I have the pvk and spc files.
How do I import the private and public keys and certificates into the keystore?
Following the steps here http://docs.oracle.com/javase/tutorial/security/toolsign/signer.html
keytool -import -trustcacerts -keystore mykeystore -alias primary_root -file Thawte_Primary_Root_CA_Cross.cer
keytool -import -trustcacerts -keystore mykeystore -alias intermediate_root -file Thawte_Primary_Intermediate_Root_CA.cer
keytool -import -trustcacerts -keystore mykeystore -alias myalias -file Thawte_Primary_Intermediate_Root_CA.cer
Trying to use NetBeans 7.3 to sign the jar by pointing it to the keystore and doing a build produces:
jarsigner: Certificate chain not found for: primary_root. primary_root must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I realize I must import the private and public keys and certificates into the keystore, but it is not clear how. Posts like this talk of .crt files, so it does not seem the same thing. https://stackoverflow.com/a/8224863/398348 also https://stackoverflow.com/a/9131421/398348
unable to load PKCS7 object
More details would help, however the files you list here seem to be CA certificate chain certificates e.g. none of the file names seem to indicate that it contains a code signing certificate. Guessing from your file names, you need to import the .spc and .pvk file to the keystore.
You have to have access to an OpenSSL command line tool to do that. Either use a Linux/Unix machine or install Cygwin to get access to it.
Convert spc file to a more sane format:
Use OpenSSL to convert keypair (correct .crt and corresponding .pvk file) to a PKCS#12 keystore
Convert PKCS#12 format file into Java keystore format
See also:
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html
importing an existing x509 certificate and private key in Java keystore to use in ssl
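One way to carry out the three conversion steps listed in the answer above, as an added example that is not part of the original answer. The function names, file names, alias and the exported `P12_PASS` variable are assumptions, and the test input is a throwaway self-signed certificate constructed on the spot.

```shell
# Added example, not from the original answer. File names, the alias and the
# exported P12_PASS variable are assumptions. Needs openssl (keytool for step 3).

# Steps 1 and 2: .spc (DER PKCS#7 bundle) + private key -> PKCS#12 key entry.
# key_format is PVK for the Authenticode key; PEM is accepted for test input.
spc_key_to_p12() {
  spc=$1; key=$2; p12=$3; alias=$4; key_format=${5:-PVK}
  work=$(mktemp -d) || return 1   # mode 0700, briefly holds the unencrypted key
  rc=0
  { openssl pkcs7 -inform DER -in "$spc" -print_certs -out "$work/certs.pem" &&
    openssl rsa -inform "$key_format" -in "$key" -out "$work/key.pem" &&
    openssl pkcs12 -export -in "$work/certs.pem" -inkey "$work/key.pem" \
      -name "$alias" -out "$p12" -passout env:P12_PASS; } || rc=$?
  rm -rf "$work"
  return "$rc"
}

# Guards against the failure in the question: the entry must hold a private key
# that matches its certificate, not only trusted CA certificates.
p12_key_matches_cert() {
  key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes |
            openssl pkey -pubout)
  crt_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys |
            openssl x509 -noout -pubkey)
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Step 3: PKCS#12 -> Java keystore, reusing P12_PASS for both stores.
p12_to_jks() {
  keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 \
    -srcstorepass:env P12_PASS -destkeystore "$2" -deststoretype JKS \
    -deststorepass:env P12_PASS
}

# Constructed input: a one-day self-signed cert packed as a DER PKCS#7 ".spc".
make_constructed_inputs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Signer" \
    -keyout "$1/test-key.pem" -out "$1/test-cert.pem" 2>/dev/null &&
  openssl crl2pkcs7 -nocrl -certfile "$1/test-cert.pem" \
    -outform DER -out "$1/test.spc"
}
```

After `p12_to_jks`, `keytool -list -v -keystore mykeystore` should report the alias as a `PrivateKeyEntry`; a `trustedCertEntry` cannot be used by jarsigner.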
It is clear that you typed the wrong alias "primary_root" when trying to sign your jar.
Check your alias, using