How to create a keystore for jar-file signing and how to export the certificate for use with Lotus Domino policies to broadcast the trust to Notes clients.
WordPress Websites for Engineers: Elevate Your Brand
Creating a keystore for plugin signing the easy way
1. How to create a Java keystore
for plugin signing the easy way
Mikkel Flindt Heisterberg
OnTime by IntraVision
2. Create the keystore
• Use iKeyMan to create the keysore
– <Notes>jvmbinikeyman.exe i.e. C:Notes8jvm
binikeyman.exe
• Create keystore of
type JCEKS and
specify a password
for the keystore
• Note the directory
where you create the
keystore
3. Create self-signed certificate
• In ”Personal Certificates” click ”New Self-
Signed...” and fill in the fields.
• Make sure to adjust the
validity perido of the
certificate
• Note the ”Key Label”
you specify (here it’s
”signerkey”)
• Exit iKeyman
4. Verify keystore
• In a DOS prompt use the KeyTool from the JDK
to verify the keystore
– If you haven’t got a JDK installed use the one
installed with Notes
(<Notes>jvmbinkeytool.exe)
• C:Notes8jvmbinkeytool.exe -keystore
keystore.jck -storetype jceks -list -v
6. Export certificate
• Now export the certificate that is the
certificate to verify jar-file signatures
– Again using the keytool as before
– This creates mycert.der which is the file you
import into Domino Directory
• C:Notes8jvmbinkeytool.exe -keystore
keystore.jck -storetype jceks –export
–file mycert.der –alias signerkey
12. Trust
• Next steps are to
– Cross certify the imported internet certificate with
your a Notes certifier
– Use policies (Security settings) to broadcast the
internet certificate and cross certification of the
internet certificate to Notes clients
– The option is on the ”Keys and Certificates” tab
under ”Administrative Trust Defaults”
13. Sign jar-file using keystore
• You sign jar-files using the jarsigner.exe tool
from the JDK
– Again you can use the one installed with the Notes
JVM if need be
• C:Notes8jvmbinjarsigner.exe -keystore
keystore.jck -storetype jceks –signedjar
signed.jar myfile.jar signerkey