|Title|Expired Signing Certificate 
|Date|25-Sep-2006 18:04:49 EEST 
|[Bug criticality]|MediumBug 
|Browser version|IE6 
|[Bug status]|ClosedBug 
|[PageProvider] used|n/a 
|Servlet Container|Tomcat 5.5.17 
|Operating System|Linux 
|Java version|5.0.8 

The certificate file jspwiki.jks, used to sign the JSPWiki jar files, has expired (March 2006).

This causes JAAS authentication to fail when using a security policy (actually it makes installation almost impossible unless you use AllPermission in the policy file, or add a number of additional permissions to make it work.) 

Workaround: Remove 'signedBy "jspwiki",' text from the policy file. The signing of the JAR file will then be ignored, and the policies will just be read according to their Principals. 
However: This has the negative effect of making all other applications on the VM crash, because they cannot resolve the security role class: 

java.lang.LinkageError: com/ecyrd/jspwiki/auth/authorize/Role 
java.lang.Class.forName0(Native Method) 

If the signing is replaced with the codebase, everything works well. 

codeBase "file:/cust/metawiki/-", 
principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { 

Possible solutions: Move role definitions out of the java security policy entirely, or sign a longer lasting certificate. 

If there's another solution here, or I'm missing something, please let me know, and keep up the great work, guys!

Neale Rudd 


I'm downgrading this - I cannot replicate.  My Tomcat is chugging along nicely with expired certificates.

-- JanneJalkanen


Janne --

You really should renew your signing certificate. :)

--Andrew Jaquith, 01-Nov-2006


If I'm correct, this still isn't solved:
Your keystore contains 1 entry

Alias name: jspwiki
Creation date: Dec 4, 2005
Entry type: keyEntry
Certificate chain length: 1
Owner: CN=Janne Jalkanen, OU=JSPWiki Code Signing Division, O=jspwiki.org, C=FI
Issuer: CN=Janne Jalkanen, OU=JSPWiki Code Signing Division, O=jspwiki.org, C=FI
Serial number: 43923fab
Valid from: Sun Dec 04 02:00:27 CET 2005 until: Sat Mar 04 02:00:27 CET 2006
Certificate fingerprints:
         MD5:  0A:13:BD:25:A6:F1:B5:80:78:56:7A:58:F3:E7:AA:B6
         SHA1: 68:F9:6C:06:C7:E4:10:62:F4:0B:44:28:B7:FC:42:20:5A:FB:3D:23

This is from a 2.4.91 release download.

--HarryMetske, 02-Mar-2007

Fixed in 2.4.100.
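
The "Valid from ... until" line in the keytool listing quoted above is the field a release check has to look at before jars are signed. As an added example (not part of this thread or of the JSPWiki code base), this Python script parses `keytool -list -v` output and classifies each certificate; the function names and the 30-day warning window are assumptions, and the sample listing is constructed from the values quoted in the thread.

```python
import re
from datetime import datetime

# Constructed sample in the format printed by `keytool -list -v`, using the
# alias and validity dates quoted in the thread above.
SAMPLE = """\
Alias name: jspwiki
Entry type: keyEntry
Valid from: Sun Dec 04 02:00:27 CET 2005 until: Sat Mar 04 02:00:27 CET 2006
"""

VALIDITY = re.compile(r"^Valid from: (?P<start>.+?) until: (?P<end>.+)$")

def _parse(stamp):
    # keytool prints e.g. "Sat Mar 04 02:00:27 CET 2006". The zone abbreviation
    # is dropped because strptime cannot parse arbitrary ones; the result is a
    # naive local time, which is precise enough for a day-level expiry check.
    _dow, mon, day, clock, _zone, year = stamp.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def expiry_report(listing, now, warn_days=30):
    """Return [(alias, status, days_left)], one row per certificate listed."""
    rows, alias = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
            continue
        m = VALIDITY.match(line)
        if not m:
            continue
        start, end = _parse(m["start"]), _parse(m["end"])
        days_left = (end - now).days
        if now > end:
            status = "EXPIRED"
        elif now < start:
            status = "NOT_YET_VALID"
        elif days_left < warn_days:
            status = "EXPIRING"   # still valid, but inside the warning window
        else:
            status = "OK"
        rows.append((alias, status, days_left))
    return rows

if __name__ == "__main__":
    for alias, status, days_left in expiry_report(SAMPLE, datetime.now()):
        print(f"{alias}: {status} ({days_left} days to expiry)")
```

A certificate chain longer than one produces several rows for the same alias, one per certificate in the chain.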