• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Monterey mod_WebObjects.so code signing
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Monterey mod_WebObjects.so code signing

  • Subject: Re: Monterey mod_WebObjects.so code signing
  • From: John Pollard via Webobjects-dev <email@hidden>
  • Date: Thu, 10 Feb 2022 14:41:00 +0000
I solved this, so if anyone else needs a pointer:

You can create a self-signed Code Signing Certificate Authority following the
very good instructions here:
https://www.simplified.guide/macos/keychain-ca-code-signing-create
<https://www.simplified.guide/macos/keychain-ca-code-signing-create>

You can then create a self-signing Code Signing Certificate as per:
https://www.simplified.guide/macos/keychain-cert-code-signing-create
<https://www.simplified.guide/macos/keychain-cert-code-signing-create>

You can then sign the library like this:
sudo codesign -s "JPMPLCert" --keychain ~/Library/Keychains/login.keychain-db
/Library/WebObjects/Adaptors/Apache2.4/mod_WebObjects.so
where “JPMPLCert” is whatever name you called your certificate

I got the error:
unable to build chain to self-signed root for signer …
which I couldn’t resolve, but found a workaround; just sign directly with the
Certificate Authority cert created above:
sudo codesign -s "JPMPLCA" --keychain ~/Library/Keychains/login.keychain-db
/Library/WebObjects/Adaptors/Apache2.4/mod_WebObjects.so
where “JPMPLCA” is whatever you called your Certificate Authority

Then add it to the LoadModule line in your apache config:
LoadModule WebObjects_module
/Library/WebObjects/Adaptors/Apache2.4/mod_WebObjects.so “JPMPLCA"
where the bit in quotes at the end is whatever you ended up signing your
library with earlier

Now when do my apache configtest I see:
Allowing module loading process to continue for module at
/Library/WebObjects/Adaptors/Apache2.4/mod_WebObjects.so because module
signature matches authority "JPMPLCA" specified in LoadModule directive

and the world is right again

John

> On 8 Feb 2022, at 17:35, John Pollard via Webobjects-dev
> <email@hidden> wrote:
>
> Hello,
>
> After switching to Monterey
>
> apache configtest
>
> gives:
>
> [Tue Feb 08 17:25:53.363409 2022] [so:error] [pid 2017] AH06665: No code
> signing authority for module at
> /Library/WebObjects/Adaptors/Apache2.4/mod_WebObjects.so specified in
> LoadModule directive.
>
> If anyone has jumped through this hoop, could you point me in the right
> direction?
>
> I only need this for running to test things out in development, it is not a
> deployment environment.
>
> Many thanks,
> John
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Monterey mod_WebObjects.so code signing (From: John Pollard via Webobjects-dev <email@hidden>)

  • Prev by Date: Monterey mod_WebObjects.so code signing
  • Next by Date: New WO Install on Monterey
  • Previous by thread: Monterey mod_WebObjects.so code signing
  • Next by thread: New WO Install on Monterey
  • Index(es):
    • Date
    • Thread