This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
When deploying A JNLP enabled project with 'Signing' enabled (Option 'signed by a specified key') i get following Warning for every jar file in the build process Warning: No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2015-04-06) or after any future revocation date. Signing JAR:.... I have read somewhere in a forum you can add jnlp.signing.tsaurl=http://tsa.starfieldtech.com to project.properties and add 'tsaurl="${jnlp.signing.tsaurl}' to a 'signjar' task: <!-- Custom Code Timestamping using Ant's signjar instead of NetBeans --> <target name="sign-jars" depends="-jnlp-init-keystore,-check-signing-possible" if="jnlp.signed.true+signjars.task.available"> <echo message="Using custom code for signing and timestamping via build.xml..."/> <signjar alias="${jnlp.signjar.alias}" storepass="${jnlp.signjar.storepass}" keystore="${jnlp.signjar.keystore}" keypass="${jnlp.signjar.keypass}" tsaurl="${jnlp.signing.tsaurl}"> <path> <fileset dir="dist" includes="*.jar" /> <fileset dir="dist/lib" includes="*.jar" /> </path> </signjar> </target> to build.xml however for a jnlp deployment the singing process is within the jnlp-build.xml and looks like <target name="sign-jars" depends="-jnlp-init-keystore,-check-signing-possible" if="jnlp.signed.true+signjars.task.available"> <taskdef name="sign-jars" classname="org.netbeans.modules.javawebstart.anttasks.SignJarsTask" classpath="${libs.JWSAntTasks.classpath}"/> <sign-jars keystore="${jnlp.signjar.keystore}" storepass="${jnlp.signjar.storepass}" keypass="${jnlp.signjar.keypass}" alias="${jnlp.signjar.alias}" mainjar="${dist.jar}" destdir="dist" codebase="${jnlp.codebase.value}" signedjarsprop="jnlp.signed.jars" componentsprop="jnlp.components"> <fileset dir="dist/lib"> <include name="*.jar"/> </fileset> </sign-jars> </target> But it seems the 'sign-jars' task in contrast to the 'signjar' task above does not support a 'tsaurl="${jnlp.signing.tsaurl}' option How else can I get the jar files to be timestamped?