Verifying that the installer is signed

The Enterprise Connector installer JAR file is digitally signed. You can use the jarsigner tool to confirm that the file is intact and properly signed.

  1. Run this command to verify the JAR file signature (adjust the filename as needed):
    jarsigner -verify -verbose:summary -certs -strict com.infor.ion.cloud.enterprise.connector.installer-<version>.jar
  2. If your JDK uses the default truststore, you may encounter this error:

    'This jar contains entries whose certificate chain is invalid.'

    This indicates that the signing certificate is not trusted by your JDK.

  3. Trust the Microsoft Identity Verification Root Certificate.

    The JAR is signed with a certificate issued under the Microsoft Trusted Root Program. To ensure your JDK trusts this certificate, import the Microsoft Identity Verification Root Certificate Authority 2020. The thumbprint is f40042e2e5f7e8ef8189fed15519aece42c3bfa2.

  4. Download the certificate from the official Microsoft PKI repository:
    Microsoft PKI Repository
  5. Back up your JDK truststore.
    copy "%JAVA_HOME%\lib\security\cacerts" "%JAVA_HOME%\lib\security\cacerts.backup"
  6. Import the certificate into your JDK truststore. Adjust the paths and store password as needed.
    -alias
    Name to identify the certificate in the truststore. Example: microsoft-identity-root-ca.
    -keystore
    Path to the truststore file. Default: %JAVA_HOME%\lib\security\cacerts.
    -storepass
    Password for the truststore. Default: changeit.
    -file
    Path to the downloaded Microsoft Identity Verification Root Certificate Authority 2020 file.

    Example command:

    keytool -importcert -alias microsoft-identity-root-ca -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit -file "<path>\Microsoft Identity Verification Root Certificate Authority 2020.crt"
  7. When prompted 'Trust this certificate? [no]:', type yes and press Enter.