Article Purpose: This article provides step-by-step instructions on how to use a PKCS#12 (PFX/P12) file for Java Code Signing. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: This guide is for customers using the legacy Code Signing Certificates. For new customers, please check the new guide.
- Ensure you have Java SE Development Kit (JDK), you can download the latest version at the bottom of this page.
To access the default install location of keytool.exe you will require administrative rights on Windows Vista or higher.
- Run the "Command Prompt" by pressing the Windows Key + R and typing in "cmd" followed by OK.
-If the account is not administrator, go to Start > All Programs >
Accessories > Right Click on Command Prompt > Click Run as Administrator
Browse to the Java Directory:
cd "Program Files\Java\jdk1.7.0_45\bin"
- We recommend first to check whether keytool can view your current PFX file, this will also help identify the alias name which is required for the signing process.
keytool -v -list -storetype PKCS12 -keystore H:\CodeSign.pfx
- If the output is identical to above and no errors appear then you can proceed to sign the JAR file using;
jarsigner -storetype PKCS12 -keystore PKCS12 -keystore H:\CodeSign.pfx H:\example.jar "1"
The -tsa command adds a timestamp using the specified URL. This is not required but recommended as timestamping a signature ensures the application will continue to betrusted even after the certificate has expired
To verify if a file has been correctly signed, use the following command:
jarsigner -verify codesigner.jar