Certifying Your Project

This page shows you how to certify your project so that you can legally use it in a closed source application and get rid of the license notification which is printed at runtime.

Prerequisites

You need to subscribe to the commercial licensing program for TrueLicense and buy a TrueLicense certificate for each edition of your software product. Processing the following certificate signing request and certificate response is part of this process.

Check Price

Issuing the Certificate Signing Request

You can generate a Certificate Signing Request (CSR) using:

$ keytool -certreq \
    -keystore *-keygen/src/main/resources/${privateKeyStoreFile} \
    -storetype ${keyStoreType} \
    -alias ${edition}

… where ${privateKeyStoreFile} and ${keyStoreType} represent the values of the equal named properties when generating your project and ${edition} is the name of an edition alias key store entry. For example, if you have used the same property values as shown in the sample command when generating your project, then this would be:

$ keytool -certreq \
    -keystore *-keygen/src/main/resources/private.ks \
    -storetype JCEKS \
    -alias standard

Once you’ve entered the password for the key store, you should see some output like this:

-----BEGIN NEW CERTIFICATE REQUEST-----
[...]
-----END NEW CERTIFICATE REQUEST-----

Please email this to sales AT schlichtherle DOT de. Don’t worry about security: The CSR just contains your public key, not your private key, so there is no confidential data in it.

Importing the Certificate Response

Next, you will get an email with the Certificate Response (CR) in the message body which looks like this:

----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

Note that the CR contains two certificates: The first certificate contains your public key and is signed by the X.500 principal with the distinguished name CN=TrueLicense 2, O=Schlichtherle IT Services. The second certificate contains the public key for signing the first certificate and is signed by the X.500 principal with the distinguished name CN=Schlichtherle IT Services, OU=Schlichtherle IT Services, O=Schlichtherle IT Services, L=Berlin, ST=Berlin, C=DE.

Copy-paste the CR into the following command:

$ keytool -importcert \
    -keystore *-keygen/src/main/resources/${privateKeyStoreFile} \
    -storetype ${keyStoreType} \
    -alias ${edition}

… where you need to replace ${privateKeyStoreFile}, ${keyStoreType} and ${edition} with the same values as before, so for example:

$ keytool -importcert \
    -keystore *-keygen/src/main/resources/private.ks \
    -storetype JCEKS \
    -alias standard

You generally need to terminate your input by typing Ctrl-D to signal End-Of-File to the key tool. When you run this command, you are prompted to validate the serial number and SHA fingerprints of the second, self-signed certificate. Please check that they match one of the following two entries:

Key Algorithm Serial Number SHA-1 / SHA-256 Fingerprints
DSA 76dbe28c E8:4A:6F:7A:EB:80:14:E5:64:F3:E8:A2:B2:EA:4F:1F:CA:82:BF:CD /
21:B0:86:6F:E6:DE:9E:DA:A2:E9:50:8B:07:CE:B5:E6:12:87:C7:B6:4D:89:A9:C7:40:B8:63:F7:DB:7D:EB:AA
RSA ac44e3d 35:9C:2B:98:7F:47:7C:C0:EA:1C:B7:15:20:74:B3:95:CC:F5:DC:13 /
E1:51:B1:96:6F:79:67:D3:BA:56:D4:B1:D4:F0:D0:12:D5:22:C7:9A:64:2C:DA:77:87:3F:93:91:85:BD:8F:E5

Updating Your Project

Next, you need to trigger a regeneration of the public key store file on the next build by removing it:

$ rm *-keymgr/src/main/resources/${publicKeyStoreFile}

… where ${publicKeyStoreFile} represents the value of the equal named property when generating your project, so for example:

$ rm *-keymgr/src/main/resources/public.ks

Building Your Project

You are now set for building your project again. That’s it - happy selling!