Java 1.8 jnlp on OS X

Mon Sep 29 15:56:44 UTC 2014

Java's code signer specifically needs a Java code signing cert. You can make one yourself for testing using "keytool", just be sure to import the private key as a "Signer CA" certificate in the Java Control Panel and it will treat it as a bona-fide CA signed certificate. I've never purchased one from a CA so I can't really comment on that or recommend any service.

As to using webstart or not, it depends on how you want to distribute your application. The primary purpose for webstart is application that are run directly from HTTP sources without needing to be installed. This is generally recommended for large and complex enterprise type applications where components may be updated frequently as webstart handled those updates for you. I don't recommend it for small applications as it's a bit of overkill (though it does work...)

With the changes recently made to Java Packager, there's little to no reason not to bundle it with a JRE and distribute it like a native application. When you bundle as a native app, you don't need to codesign your jar files, the entire bundle is signed with your Developer ID. We've got more features coming to Java Packager, including being able to share a JRE between a number of applications you create (think of something like MS Office or Adobe CS). You should also be able to distribute applications via Mac App Store, the packager has support specifically for that.

-DrD-

> Not sure this is a proper list for much anymore except discussion but that might be all this really calls for right now.
> I’m trying to figure out how to run some jnlp with java 1.8. That now seems to set the default security setting to High. 
> So you need to sign with a valid certificate. 
> Why not the Apple Developer ID one? 
> I exported that and got it into a keystore…
> Your keystore contains 1 entry
> 
> michael hall , Sep 27, 2014, PrivateKeyEntry, 
> 
> that I’m trying to use to sign but I get this…
> 
> jarsigner: Certificate chain not found for: eg.  eg must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
> 
> I’m not sure if the problem is that there is no public key entry in the keystore. Or no CA cert for Apple in the cacerts file - there doesn’t appear to be one. Assuming I can figure out how to get the public key entry for the developer ID cert in the keystore the problem is the Apple CA cert.
> Is there any way to get one?
> Is there any reason not to get one?
> 
> If this isn’t the way to go I’ve heard that signing certs are reasonably priced. Any suggestions where to get one in this ‘cheap' category?
> 
> Is JWS just not the way to go anymore? Go with JavaFX, or…?
> 
> Michael Hall
> 
> trz nio.2 for OS X http://www195.pair.com/mik3hall/index.html#trz
> 
> HalfPipe Java 6/7 shell app http://www195.pair.com/mik3hall/index.html#halfpipe
> 
> AppConverter convert Apple jvm to openjdk apps http://www195.pair.com/mik3hall/index.html#appconverter
> 
> 
> 
> 