Java Code Signing PKSC12 Method

Article Purpose: This article provides step-by-step instructions on how to use a PKCS#12 (PFX/P12) file for Java Code Signing. If this is not the solution you are looking for, please search for your solution in the search bar above.

  1. Ensure you have Java SE Development Kit (JDK), you can download the latest version at the bottom of this page.

    To access the default install location of keytool.exe you will require administrative rights on Windows Vista or higher.
     
  2. Run the "Command Prompt" by pressing the Windows Key + R and typing in "cmd" followed by OK.
       -If the account is not administrator, go to Start All Programs >
    Accessories Right Click on Command Prompt > Click Run as Administrator

    Browse to the Java Directory:
    cd "Program Files\Java\jdk1.7.0_45\bin"
     
  3. We recommend first to check whether keytool can view your current PFX file, this will also help identify the alias name which is required for the signing process.

    keytool -v -list -storetype PKCS12 -keystore H:\CodeSign.pfx
    Step 3.png
  4. If the output is identical to above and no errors appear then you can proceed to sign the JAR file using;

    jarsigner -storetype PKCS12 -keystore PKCS12 -keystore H:\CodeSign.pfx H:\example.jar "1"
    ​-tsa http://timestamp.globalsign.com/scripts/timestamp.dll 


    The -tsa command adds a timestamp using the specified URL. This is not required but recommended as timestamping a signature ensures the application will continue to be trusted even after the certificate has expired 
    Step 4.png

This successfully signs and timestamps the java application. If any issues are experienced, please run the above command again and include -verbose within the command to identify any errors.
To verify if a file has been correctly signed, use the following command:

jarsigner -verify codesigner.jar
jar verified.

Additional Resources:
Java Development Kit: http://www.oracle.com/technetwork/java/javase/downloads/index.html 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Please click the button below to log in or sign up.

Log In - Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.