Is there any way to prevent the "The application's digital signature cannot be verified" warning message from appearing when you run a Java application from the command line?
I'm looking for a command line solution that would allow to start an application like this on a continuous integration server, so I need a solution that would not require manual intervention.
Also, I would prefer not to disable this warning for any application because this could be a security risk.
Not sure if helps but I do know the values of "name", "publisher" and "from" fields of the signature.
Just be sure, I'm not asking about how to sign this application.
update 1
I suppose that the solution is to use keytool
to import the certificate from the command line but for some reason it does fail to import it properly because it does not appear in control panel applet after this and the application still requires it.
keytool -importcert -file my.cer -alias alf2 -storepass changeme -noprompt
Is it something related to the the default keystore
, how can I assure I'm importing into the right keystore?
update 2
After lot of research on the net I made some progress, worked at least on Windows 7
with Java 6
: keytool -importcert -file my.cer -keystore "%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs" -storepass "" -noprompt -v
I looks that Sun failed to specify in the documentation the real location of the default keystore and the fact that the default password is blank.
But this is not the end, because when this run on the automation user account it failed, it failed because this user did not had an keystore yet and because the command line tool keytool
is not able to create a keystore with an empty password, requesting at least 6 characters. see Sun's forum tread...
I think you should create file for example mypolicy.policy in java.home/lib/security with grant all permisions to code signed by you and add this file to java.security (ex. under line where is java.policy path) this warning window will never prompt again