Article Index
B.) Preparations: Create a signer certificate
Note: This step is not needed if you didn´t wish to add own eclipse features and/or if you didn´t wish to edit existing ones.
Ba.) Create a keystore and generate the key pair. A sample command line is shown:
%JAVA_HOME%\bin\keytool -genkey -dname "cn=Bob, ou=Sales, o=foo, c=US" -alias "my self signed cert" -keypass mypassword -keystore C:\sign-plugin\abx\mykeystore -storepass password -keyalg "RSA" -validity 360
Bb.) Create a listing of the newly created self-signed certificate/key pair. A sample command line is shown:
%JAVA_HOME%\bin\keytool -list -v -alias "my self signed cert" -keystore C:\sign-plugin\abx\mykeystore -storepass password
Bc.) For the feature you'll be adding to the install kit, sign its updatesite JAR files (in the features folder and in the plugins folder) using the self-signed certificate/key pair. Sample command lines for signing JAR files in the features folder and plugins folder are shown:
%JAVA_HOME%\bin\jarsigner -verbose -keystore C:\sign-plugin\abx\mykeystore -storepass password -keypass mypassword C:\sign-plugin\abx\mytestUpdatesite\features\com.ibm.sign.demo.feature_1.0.0.jar "my self signed cert"
Bd.) Export a trust certificate that can authenticate your public key. A sample command line is shown (see notes 2 for the storepass):
%JAVA_HOME%\bin\keytool -export -alias "my self signed cert" -file myselfsignedcert.cer -keystore C:\sign-plugin\abx\mykeystore -storepass password
Be.) Add the exported trust certificate to the Notes install kit keystore to enable trust for your public key at install. A sample command line is shown (see notes 2 for the storepass):
%JAVA_HOME%\bin\keytool.exe -import -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype Note: This step is not needed if you didn´t wish to add own eclipse features and/or if you didn´t wish to edit existing ones. Ba.) Create a keystore and generate the key pair. A sample command line is shown: %JAVA_HOME%\bin\keytool -genkey -dname "cn=Bob, ou=Sales, o=foo, c=US" -alias "my self signed cert" -keypass mypassword -keystore C:\sign-plugin\abx\mykeystore -storepass password -keyalg "RSA" -validity 360 Bb.) Create a listing of the newly created self-signed certificate/key pair. A sample command line is shown: %JAVA_HOME%\bin\keytool -list -v -alias "my self signed cert" -keystore C:\sign-plugin\abx\mykeystore -storepass password Bc.) For the feature you'll be adding to the install kit, sign its updatesite JAR files (in the features folder and in the plugins folder) using the self-signed certificate/key pair. Sample command lines for signing JAR files in the features folder and plugins folder are shown: %JAVA_HOME%\bin\jarsigner -verbose -keystore C:\sign-plugin\abx\mykeystore -storepass password -keypass mypassword C:\sign-plugin\abx\mytestUpdatesite\features\com.ibm.sign.demo.feature_1.0.0.jar "my self signed cert" Bd.) Export a trust certificate that can authenticate your public key. A sample command line is shown (see notes 2 for the storepass): %JAVA_HOME%\bin\keytool -export -alias "my self signed cert" -file myselfsignedcert.cer -keystore C:\sign-plugin\abx\mykeystore -storepass password Be.) Add the exported trust certificate to the Notes install kit keystore to enable trust for your public key at install. A sample command line is shown (see notes 2 for the storepass): %JAVA_HOME%\bin\keytool.exe -import -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias "my self signed cert" -file myselfsignedcert.cer -storepass "" Bf.) List the entries in the Notes install kit keystore. A sample command line is shown (see notes 2 for the storepass): %JAVA_HOME%\bin\keytool.exe -list -v -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias "my self signed cert" -storepass "" Note 1: See "How to add a certificate to the Lotus Notes 8 installation media kit file using keytool.exe (Technote 1305165)" for more information. Note 2: For 8.02 FP2 and above, the original IBM keystore has the password "changeit". Note 3: This section used parts from the "Signing and adding new features to the kit" Notes Admin topic which can be found here.B.) Preparations: Create a signer certificate