20111024

New documentation page https://www.lino-framework.org/davlink/index.html.

Tried to apply a public CACert certificate for the DavLink.jar so that users know whom to trust when adding their security exception.

• Opened account on www.cacert.org

• Created new client certificate

• Installed into FF from link provided by www.cacert.org

• Exported from FF as file t:dataluccacertCAcertWoTUser.crt using Certificate Manager (Options ‣ Advanced ‣ Encryption ‣ Your Certificates ‣ View ‣ Details ‣ Export

• Imported into java keystore using:

  keytool -import -file t:\data\luc\cacert\CAcertWoTUser.crt -alias luc -trustcacerts
  

No success yet. Difficult to document. Here are some notes:

jarsigner: Certificate chain not found for: luc.  luc must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.


T:\hgwork\lino\java>keytool -importkeystore -srckeystore t:\data\luc\cacert\luc.p12 -srcstoretype PKCS12
Enter destination keystore password:
Enter source keystore password:
Entry for alias cacert wot user's root ca id successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

keytool -changealias -alias "cacert wot user's root ca id" -destalias luc


Warning:
The signer certificate's ExtendedKeyUsage extension doesn't allow code signing.
The signer certificate will expire within six months.
The signer's certificate chain is not validated.


Warning:
The signer certificate's ExtendedKeyUsage extension doesn't allow code signing.
The signer's certificate chain is not validated.