Is it possible to use LE to sign java applets?


#1

What the title says, can it be done?


#2

I don’t believe so. LE does not issue certificates marked as valid for code signing.


#3

LE is for TLS servers like websites and email. Code signing usage is impossible.


#4

I see, thanks for the replies.


#5

I went pretty far down this rabbit hole. Here’s where I ended up: sun.security.validator.ValidatorException: Extended key usage does not permit use for code signing .

I had a certificate issued from letsencrypt, and then used this guy’s instructions to transform the keys into Java Keystore JKS format. Then, I got the above error, and could not execute my JNLP.

Letsencrypt is awesome, and the entire Java WebStart technology is slowing going away. However, for the need I presently have (signing jar files), it unfortunately looks like letsencrypt will not work for me. I wanted to provide this super detailed response in case anyone else started down this path, and my note could help them come to the same conclusion I did, but more quickly.

Here’s the shortcut, official, someone working for letsencrypt explaining why they don’t issue these kind of certificates.