This repository has been archived by the owner on Mar 18, 2024. It is now read-only.

Using certificate with default Bootstrap #29

Closed
painos opened this issue Oct 22, 2018 · 3 comments

Comments

@painos

painos commented Oct 22, 2018

The certificate part works wonderfully when I make a key pair, use the private key for building the conf, use a custom Delegate and do the following:

```java
KeyFactory kf = KeyFactory.getInstance("DSA");
X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.getDecoder().decode("BASE64PUBLICKEY"));
DSAPublicKey key = (DSAPublicKey) kf.generatePublic(keySpecX509);
config.update(key);
```

However, if I want to use --cert=[path] and the default delegate, I find it really difficult to build the certification file. I have tried so many different ways to create the file and I always end up getting an error like "Caused by: java.io.IOException: Short read of DER length" or "java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Incomplete data".

So I'm asking: is there a simple way to generate a valid certification file with the correct info to build the public key?

@mordechaim
Contributor

Assuming BASE64PUBLICKEY is just placeholder text.

The default bootstrap only supports X.509 certificates and in no way attempts to be a full-fledged key-type detection framework.

Note: Certificates are more than just public keys. X.509 certs are the standard type generated with Java's keytool command.

Unfortunately, if you need different key types you cannot use the default bootstrap, although nothing holds you back from copying the source code, making your changes and using it as a custom bootstrap.
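
Added example, not from the thread or from update4j: a small check that shows why an encoded public key is rejected where an X.509 certificate is expected, using only the JDK's `CertificateFactory` and `KeyFactory`. The class name `CertFileCheck` is hypothetical, and it is an assumption that a `--cert` file is parsed the way the standard JDK X.509 parser parses it.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

// Hypothetical helper (not part of update4j): reports what a --cert candidate file contains.
public class CertFileCheck {

    static String classify(byte[] data) throws Exception {
        try {
            // Accepts DER or PEM ("-----BEGIN CERTIFICATE-----") encoded certificates.
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(data));
            return "X.509 certificate, subject=" + cert.getSubjectX500Principal()
                    + ", key algorithm=" + cert.getPublicKey().getAlgorithm();
        } catch (CertificateException notACertificate) {
            // Fall through: check whether the bytes are only an encoded public key.
        }
        for (String alg : new String[] {"DSA", "RSA", "EC"}) {
            try {
                KeyFactory.getInstance(alg).generatePublic(new X509EncodedKeySpec(data));
                return "bare " + alg + " public key (X509EncodedKeySpec), not a certificate";
            } catch (InvalidKeySpecException tryNext) {
                // Not a key of this algorithm.
            }
        }
        return "neither an X.509 certificate nor a DER-encoded public key";
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // classify a real file, e.g. one exported by keytool
            System.out.println(classify(Files.readAllBytes(Paths.get(args[0]))));
            return;
        }
        // Constructed sample: a freshly generated DSA public key in its getEncoded() form,
        // the same encoding the Base64 string in the snippet above decodes to.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        byte[] spki = gen.generateKeyPair().getPublic().getEncoded();
        System.out.println(classify(spki));
    }
}
```

Run without arguments, it reports the constructed DSA key as a bare public key. Passed the path of a file written by `keytool -exportcert`, it reports an X.509 certificate.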

@painos
Author

painos commented Oct 24, 2018

Thank you, I think I got it now. And yes it is just a placeholder.

I managed to create a keypair with keytool and exported a public key .cer file. On the dev machine I get the private key from a keystore when generating a new conf file. Works like a charm.

I store the public key .cer in the application folder and it can be bundled with the installation. Just to make sure: if for any reason I want to change the keypair, is it also safe to push a new public key .cer file with the rest of the updates, or are there some security concerns?

@mordechaim
Contributor

mordechaim commented Oct 24, 2018 via email

@painos painos closed this as completed Nov 1, 2018