Java Code Signing PKSC12 Method

Article Purpose: This article provides step-by-step instructions on how to use a PKCS#12 (PFX/P12) file for Java Code Signing. If this is not the solution you are looking for, please search for your solution in the search bar above.

  1. Ensure you have Java SE Development Kit (JDK), you can download the latest version at the bottom of this page.

    To access the default install location of keytool.exe you will require administrative rights on Windows Vista or higher.
  2. Run the "Command Prompt" by pressing the Windows Key + R and typing in "cmd" followed by OK.
       -If the account is not administrator, go to Start All Programs >
    Accessories Right Click on Command Prompt > Click Run as Administrator

    Browse to the Java Directory:
    cd "Program Files\Java\jdk1.7.0_45\bin"
  3. We recommend first to check whether keytool can view your current PFX file, this will also help identify the alias name which is required for the signing process.

    keytool -v -list -storetype PKCS12 -keystore H:\CodeSign.pfx
    Step 3.png
  4. If the output is identical to above and no errors appear then you can proceed to sign the JAR file using;

    jarsigner -storetype PKCS12 -keystore PKCS12 -keystore H:\CodeSign.pfx H:\example.jar "1"

    Note: The -tsa command adds a timestamp using the specified URL. This is not required but recommended as timestamping a signature ensures the application will continue to be trusted even after the certificate has expired.

This successfully signs and timestamps the java application. If any issues are experienced, please run the above command again and include -verbose within the command to identify any errors.
To verify if a file has been correctly signed, use the following command:

jarsigner -verify codesigner.jar
jar verified.

Additional Resources:
Java Development Kit: 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Scan your endpoints to locate all of your Certificates.

Log In / Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support