[SOLVED] Thawte code signing issuer CA missing
Posted: 08 Jan 2021, 22:31
Hi,
while launching an applications with signed jar files, OpenWebStart complains with the message "The application's digital signature cannot be verified...". The certificate used to sign the jar files are issued from
CN=thawte SHA256 Code Signing CA - G2
and this is issued from
CN=thawte Primary Root CA - G3
I found, that only the "CN=thawte Primary Root CA - G3" is available in the OpenWebStart trust store. But the code signing CA "CN=thawte SHA256 Code Signing CA - G2" is missing. So OpenWebStart can't verify the trust chain. After downloading the "CN=thawte SHA256 Code Signing CA - G2" from Thawte and imported it, it works.
It would be great if this well known code signing CA from Thawte would be included via default in the OpenWebStart keystore to verify signed jars. Maybe all applications which are signed with a Thwate code signing certificate will have is issue. The manually step to download and import this missing CA may be an issue for OpenWebStart users.
Here are the details of this missing certificate: Thanks and regards,
Frank
while launching an applications with signed jar files, OpenWebStart complains with the message "The application's digital signature cannot be verified...". The certificate used to sign the jar files are issued from
CN=thawte SHA256 Code Signing CA - G2
and this is issued from
CN=thawte Primary Root CA - G3
I found, that only the "CN=thawte Primary Root CA - G3" is available in the OpenWebStart trust store. But the code signing CA "CN=thawte SHA256 Code Signing CA - G2" is missing. So OpenWebStart can't verify the trust chain. After downloading the "CN=thawte SHA256 Code Signing CA - G2" from Thawte and imported it, it works.
It would be great if this well known code signing CA from Thawte would be included via default in the OpenWebStart keystore to verify signed jars. Maybe all applications which are signed with a Thwate code signing certificate will have is issue. The manually step to download and import this missing CA may be an issue for OpenWebStart users.
Here are the details of this missing certificate: Thanks and regards,
Frank