- sign all plug-in libraries (using certificate signed by one of the X# Certificate Authorities, if it is possible)
- make all plug-in files (XML and libraries) available using https protocol which use TLS (SSL) protection
The security policy is still a matter of discussion of Integration Team, so there are no restrictive rules defining certificates that should be used for jar signing. To sign a jar, using existing certificate verified by one of X# CA, certificate (and private key) should be first exported into file of PKCS12 format, that can be use as java "keystore"
To export certificate OpenSSL toolkit can be used.
- -inkey <private key file path>
- -in <certificate file path>
- -out <keystore user defined name>
- -CApath /etc/grid-security/certificates/
- -name <certificate alias>
- -storetype PKCS12
- -storepass <keystore passwd> <jar file name> <certificate alias>