| Title | Expired Signing Certificate |
| Date | 25-Sep-2006 18:04:49 EEST |
| Version | 2.4.56 |
| Submitter | 210.84.8.244 |
| Bug criticality | MediumBug |
| Browser version | IE6 |
| Bug status | ClosedBug |
| PageProvider used | n/a |
| Servlet Container | Tomcat 5.5.17 |
| Operating System | Linux |
| URL | n/a |
| Java version | 5.0.8 |
The certificate file jspwiki.jks, used to sign the JSPWiki jar files has expired (March 2006).
This causes JAAS authentication to fail when using a security policy (actually it makes installation almost impossible unless you use AllPermission in the policy file, or add a number of additional permissions to make it work.)
Workaround: Remove 'signedBy "jspwiki",' text from the policy file. The signing of the JAR file will then be ignored, and the policies will just be read according to their Principals. However: This has the negative effect of making all other applications on the VM crash, because they cannot resolve the security role class:
java.lang.LinkageError: com/ecyrd/jspwiki/auth/authorize/Role java.lang.Class.forName0(Native Method) java.lang.Class.forName(Class.java:242) sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1403)
If the signing is replaced with the codebase, everything works well. eg:
grant
codeBase "file:/cust/metawiki/-",
principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
Possible solutions: Move role definitions out of the java security policy entirely, or sign a longer lasting certificate.
If there's another solution here, or I'm missing something, please let me know, and keep up the great work guys!
Neale Rudd
metawerx
http://www.metawerx.net
neale@metawerx.net
I'm downgrading this - I cannot replicate. My Tomcat is chugging along nicely with expired certificates.
Janne --
You really should renew your signing certificate. :)
--Andrew Jaquith, 01-Nov-2006
If I'm correct, this still isn't solved:
Your keystore contains 1 entry
Alias name: jspwiki
Creation date: Dec 4, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Janne Jalkanen, OU=JSPWiki Code Signing Division, O=jspwiki.org, C=FI
Issuer: CN=Janne Jalkanen, OU=JSPWiki Code Signing Division, O=jspwiki.org, C=FI
Serial number: 43923fab
Valid from: Sun Dec 04 02:00:27 CET 2005 until: Sat Mar 04 02:00:27 CET 2006
Certificate fingerprints:
MD5: 0A:13:BD:25:A6:F1:B5:80:78:56:7A:58:F3:E7:AA:B6
SHA1: 68:F9:6C:06:C7:E4:10:62:F4:0B:44:28:B7:FC:42:20:5A:FB:3D:23
This is from a 2.4.91 release download.
--HarryMetske, 02-Mar-2007
Fixed in 2.4.100.
Add new attachment
- Features
- Download
- Documentation
- Templates
- Plugins
- Provider
- Filters
- Support
- FAQ
- Irc Channel
- Mailing List
- Weblog
- Applications
- Getting Involved
- JSPWIKI Testers
Development
Internet Search