3

I'm working on an Eclipse-based product and am currently facing an issue when installing plugins on it. Despite the certificates being issued by VeriSign (and the plugins being properly signed with the certificate on export), when installing the "Do you trust these certificates?" window still pops up.

Now, the question is, is this the expected behavior? I was hoping that once we used a trusted CA then we wouldn't have to deal with users facing this dialogue. And if not, any tips as to where I should look to start fixing the problem?

You can find images of the trust certificate window here and the details for the cert here

Serban Constantin
  • 3,316
  • 1
  • 18
  • 20
  • Check your running JRE whether has already builtin the VeriSign's root CA. Eclipse uses security API of Java to verify certificate. – Kane Aug 20 '12 at 09:55
  • Just did that and the VeriSign root CA is there; I event went as far as adding our key to the cacerts list and still have the same issue. – Serban Constantin Aug 20 '12 at 11:43

1 Answers1

1

Short answer: Your certificate is missing an e-mail field in the subject.

When we moved to using a software vendor certificate from an individual developer certificate, we encountered the same problem. The only difference between our certificates is that the individual developer cert has an e-mail address in the subject (the field named "E") and the new software vendor cert does not. GlobalSign allows you to reissue certificates, so we reissued our software vendor certificate with a generic e-mail address in the subject field. That fixed the Eclipse problem and customers no longer see the "Do you trust these certificates?" window.

By the way, our certificate does not have an Organizational Unit defined, and that does not cause problems with Eclipse.

Devin
  • 87
  • 6
  • Just did a test with a self-signed certificate that has an email address and the same one without. It seems that the lack of an email address in the VeriSign issued one is indeed the cause for the window. – Serban Constantin Oct 04 '12 at 14:26