StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to sign (dynamic) JNLP files for OSX and Gatekeeper
text
Body
copied!<p>My company produces Java Applications for Servers and delivers JNLP files to start local Applications. Since OSX 10.8.4 it is required to sign JNLP files with a Developer ID to keep Gatekeeper happy (it's actually in the <a href="http://support.apple.com/kb/HT5784">release notes</a> at the very bottom).</p> <p>The question is: how to accomplish this? AFAIK you can sign Apps (we have some Java Apps signed with Developer IDs) - but JNLP - Files are just that: files.</p> <p>Next: how to do this with generated JNLP files. We have to modify them as they come from a server - e.g. properties, base URL and so forth.</p> <p>AFAIK <a href="https://blogs.oracle.com/thejavatutorials/entry/signing_jar_files_with_a">Java has a certain mechanism</a> to say JNLP files are signed via their respective JAR file (the one that holds the main class) - but: Jar files are signed with a different certificate they will not satisfy Gatekeeper as well.</p> <p>I did find <a href="https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW2">one reference on how to sign tools and stuff</a>, but it does not apply the scenario of dynamic files.</p> <p>What I do not want as answers: Right-Click and Open to override the Gatekeeper or change the System- or Java settings. This is not an option. </p> <p>[UPDATE] Since OSX 10.9.5 you also have to sign using OSX 10.9+ and have valid version 2 signatures. How will this be done?</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload