Sun N1 Service Provisioning System 5.1 Plug-in Development Guide

Certificates

If the plug-in descriptor file is signed for one version of a plug-in, the file must also be signed for every subsequent version of that plug-in. Use the standard jarsigner tool to sign the plug-in descriptor file. If the file is signed, the signature is verified against the public certificate when the plug-in is installed. When a plug-in is upgraded, the certificate used to sign the newer version is matched against the certificate used to sign the version already in the system. The upgrade will not succeed if certificates have expired between plug-in versions.

You should sign all entries in the plug-in JAR (not just the plug-in descriptor file) with the same certificate. Only a single certificate may be attached to each entry.
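A pre-install check for the recommendation above, as an added example that is not part of the original guide or the product: it lists each JAR entry that no signature file covers, or that more than one covers. The check is structural only and treats each `META-INF/*.SF` file as one signer; cryptographic verification is still done with `jarsigner -verify`. The entry names `plugin-descriptor.xml` and `lib/util.jar`, the signer name `SIGNER`, and the helper `build_sample_jar` are hypothetical.

```python
import io
import re
import zipfile

# Files jarsigner writes itself; these are never listed as signed entries.
SIG_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|SIG-[^/]*|[^/]+\.(SF|RSA|DSA|EC))$", re.I)
SF_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.I)

def names_in_sf(text):
    """Return the entry names listed in one .SF signature file."""
    # Manifest-format lines wrap at 72 bytes; a continuation starts with one space.
    unfolded = re.sub(r"\r?\n ", "", text)
    return {m.group(1) for m in re.finditer(r"^Name: (.*?)\r?$", unfolded, re.M)}

def audit_jar(jar):
    """Report the signers present and any entry not covered by exactly one of them."""
    with zipfile.ZipFile(jar) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        signers = {n: names_in_sf(zf.read(n).decode("utf-8")) for n in names if SF_FILE.match(n)}
    entries = [n for n in names if not SIG_FILE.match(n)]
    count = {e: sum(e in listed for listed in signers.values()) for e in entries}
    return {
        "signers": sorted(signers),
        "unsigned": [e for e in entries if count[e] == 0],
        "multiply_signed": [e for e in entries if count[e] > 1],
    }

def build_sample_jar(files, sf_files):
    """Build a constructed in-memory JAR (placeholder content, no real signatures)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        for name in files:
            zf.writestr(name, "placeholder")
        for sf_name, listed in sf_files.items():
            body = "Signature-Version: 1.0\r\n\r\n"
            for name in listed:
                line = "Name: " + name
                parts = [line[:72]] + [line[i:i + 71] for i in range(72, len(line), 71)]
                body += "\r\n ".join(parts) + "\r\nSHA-256-Digest: constructed\r\n\r\n"
            zf.writestr(sf_name, body)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample, hypothetical entry names: descriptor signed, library not.
    jar = build_sample_jar(["plugin-descriptor.xml", "lib/util.jar"],
                           {"META-INF/SIGNER.SF": ["plugin-descriptor.xml"]})
    print(audit_jar(jar))
```

To audit a real plug-in, pass its file path to `audit_jar` in place of the in-memory sample.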