Sickpea

How To Self-Sign a Java Applet

Wednesday, 15 July 2009

I don't do much Java stuff anymore, but I did come across the need to sign an SSH applet recently so that I could embed it into a web page.

Unsigned applets can only connect to the server they are served from. This is a bit limiting if you want a web-based SSH session. Self-signing an applet "solves" this problem, but remember that just because an applet is signed doesn't mean you should trust it!

Here's how to do it yourself (change the name/credentials/jar to your own, obviously): 

$ keytool -genkey -alias sickpea -validity 3650 -dname \
    "CN=Sickpea, OU=Engineering, O=Sickpea, L=San Francisco, S=CA, C=US"
$ keytool -selfcert -alias sickpea -validity 3650
$ jarsigner mindterm.sickpear.jar sickpea

In this example, the signed JAR will be valid for about 10 years.

Hi, I'm Adrian (@sickp).

I like to build things: websites, games, robots, and mobile apps. I'm a software tinkerer and an MIT-approved engineer (i.e. they can ask me for money.)

During the day I help build fine games at Wonderhill, and lend my expertise to other Ooga Labs companies. In my spare time, I create useful iPhone apps at Zooble with my wife, Alexandra.

Twitter Sickpea Feed - Atom

You should follow me on Twitter and subscribe to this site's RSS feed.

© 1988-2010 Adrian B. Danieli. Some rights reserved.