Menu

Token Based JAR Signing - Mac OS X

Jan 7, 2026

OVERVIEW: This page walks you through the process of token-based JAR Code Signing in Mac OS X platform. At the completion of this procedure, you will be able to sign a JAR file in Mac OS X platform. For more Code Signing guidelines, please refer to this page

 

SUGGESTION: Only if the timestamp trust chain does not validate, then import R6-R45 timestamp cross certificate in Java root CA certificate store. You can use this command line for the purpose: keytool -import -trustcacerts -alias myrootcert -file "C:\path\to\your\root_certificate.cer" -keystore "C:\path\to\your\cacerts"

 

Configuring JDK

  1. Install the 32-bit JDK and locate the JDK bin folder. Note: The default location is "Computer\Mac OS X\Library\Java\JavaVirtualMachine\jdkx.x.x_xxx\Contents\Home\bin". 

    pic_1.jpg

  2. Using sublime text or another text editor that supports multiple file formats, create a file named eToken.cfg in the bin folder with the following content as shown below.

    pic_2.jpg

  3. Save the eToken.cfg in the bin folder.  

  4. Right-click the bin folder, and click Get Info

  5. Click the padlock at the bottom right, then change the permissions so you can read and write on that folder.

     pic_5.jpg

MAC OS X JarSigning

  1. Open the terminal and then navigate to the jdkx.x.x_xxx\bin directory where jarsigner.exe, keytool.exe, and the eToken.cfg file you created are located.   

    mac1.jpg

  2. Confirm your certificate alias with the terminal command:   
    keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg

    mac_2.jpg

    Enter your keystore passphrase (token password) when prompted.   

  3. Sign the JAR file using the following command: 
    jarsigner -tsa http://timestamp.globalsign.com/tsa/r45standard -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias"
    Enter your keystore passphrase (token password) when prompted. Wait for the output, "jar signed". 

    mac_3.jpg

  4. Verify the signature by using the following command: 
    jarsigner -verify -verbose /directory/test.jar 
    You should be getting an output similar to the image below with "jar verified" at the end. 

    mac_4.jpg

Related Articles

Code Signing Best Practices

Mar 2, 2020, 6:33 AM

GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.

Read More

Order EV Code Signing Certificate (HSM-Based)

Mar 2, 2020, 6:51 AM

Read More

Download and Install Code Signing Certificate (HSM-Based)

Mar 2, 2020, 7:10 AM

This page walks you through the process of downloading and installing you GlobalSign Code Signing Certificate using HSM. At the completion of this procedure, your Certificate will be ready to place signatures on drivers, executables, and other files.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support