Free Code Signing website
Dear all,
I found a free Code Signing website (http://www.ascertia.com/OnlineCA/codesign.aspx?linkID=40) and I followed their guide (How does object signing work with Ascertia Code Signing Digital IDs). In the step 4 in their guide, I met blow error message.
C:> keytool 杋mport 朼lias MyCert 杅ile TestNew.cer
keytool error: java.lang.Exception: Failed to establish chain from reply
If someone available could you visit their website and test their free code signing service? I抦 not sure about where is the source of this error, my side or their side. If someone success the code sign their site, can you explain your steps? I will appreciate your reply.
Thank you,
[704 byte] By [
komunamua] at [2007-10-2 11:22:56]
Hi all,I solve the problem, after I import the certificate of root CA and chain CA, it works find. Anyway, thank for the reading.
I have the same problem as you. But I am not able to resolve it.
I am able to install the "Ascertia Root CA" cerfificate but you also mention the "Ascertia Chain CA" certificate. Is this a seperate certificate? If so, where can I get it? I am unable to find it on Ascertia's webpages.
Still get the same error
keytool error: java.lang.Exception: Failed to establish chain from reply
When running
C:> keytool 杋mport 朼lias MyCert 杅ile NOV.cer
Please help :-)
Dear Attila
When you login into the free digital certificates website in the Ascertia.com, you can see the certificate specific information form. You should use this form. When you fill up the form, choose the Code signing Certificates in certificate type and choose the 1024 bit in key size then submit. After that, you will get the ?p7b?format certificate. Save this in your computer and double click in. Windows?Certificate manage will show the information of the ?p7b?format certificate. If you click the certificate in the manage, you can see the three certificates (Ascertia CA 1, Ascertia Root CA, your Certificate). Click each certificate and export it. Now you get the Root CA and Chain CA certificate files. Using keytool, import these certificate in your keystore file and go head your process. I hope you can sign your code without any problem.
Regards,
Moo Nam Ko
Hi I followed the steps you eplained above and was able to create a Root CA and export and Import it for use but I don't know how I'm goin to sign it for my Java Applet.Thanks in Advance
HiIf you go below link, you can find out how you can sign your applet. http://www.ascertia.com/OnlineCA/codesign.aspx?linkID=40Good Luck.Moo Nam Ko
Hi,
what file format did you use when you exported the certificates? I used p7b and when it asked to browse for the file , i used the same file (certficate) that was generated by ascertia site. am i doing the right thing? after i exported all the certificates, i used the import command to import my certificate which is the p7b file, and i got the error message public keys in reply and keystore dont match.
according to their instructions, it mentions that I should submit the CSR that i get after i execute certreq command , then save the CSR as .cer then execute the import command. I got the error message, failed to establish chain from reply.
so i followed your instructions about the p7b file, and it didnt work for me. i might be doing something wrong when i export the certificates.
could you please give me instructions on how to do that.
I appreciate your help.
Thanks
M
I thought that the basis for code signing was that you could trust the signer so I don't see the point of using the site given by the orignal OP especially after looking at the disclaimer in http://www.ascertia.com/OnlineCA/issuer/default.aspx .
I've done exactly up to what you said with the exporting but where do I go from there.
I've exported each of the certificates in the .p7b file and attempted to import doing this:
C:>keytool -import -alias <keystore name> -file "Ascertia CA 1.cer"
And I keep recieving this error:
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong? Is there something I'm missing?
Please help.
> I thought that the basis for code signing was that
> you could trust the signer so I don't see the point
> of using the site given by the orignal OP especially
> after looking at the disclaimer in
> http://www.ascertia.com/OnlineCA/issuer/default.aspx .
Do you have any better options for signing applet code that don't cost $200 or more a year?
I create educational applets, some of which are free at this time, and some of which I sell to textbook companies, but none of this gives me enough to cover $200/yr to keep one of these certificates current. indefinitely.
Thanks!
math prof
