Use an Oracle Java Code Signing certificate
If you do not have the signature software yet, download the JDK here:
With the JDK jarsigner tool, you will be able to sign your JAR:
jarsigner -tsa http://timestamp.digicert.com?alg=sha256 -keystore [keystore-name] file-to-sign.jar [alias-name]
The timestamp server is a DigiCert one returning a SHA2 signature.
For Globalsign certificates, you can use the following server: http://timestamp.globalsign.com/?signature=sha2
Indicate the keystore name and the alias name in the keystore.
If you do not have a keystore but only a PKCS 12, use the syntax:
jarsigner -tsa http://timestamp.digicert.com?alg=sha256 -storetype pkcs12 -keystore [pkcs12-file] file-to-sign.jar [alias-name]
The timestamp server is a DigiCert one returning a SHA2 signature.
EDIT 2014 - New requirements for Java signing
Since January 2014, Oracle has imposed new security rules on the signing of RIA applications. In short, the Manifest file needs to be edited and added to the .jar file before signing.
Procedure for editing the Manifest:
Modify manifest file
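The following pre-signing check is an added example, not part of the original page or of any Oracle tool. The page does not list the manifest attributes; the check assumes the Permissions attribute that Java 7u51 made mandatory for RIAs and the optional Codebase attribute, and the function names (parse_main_attributes, check_jar, make_jar) are hypothetical. It only detects whether signature files are present; jarsigner -verify remains the authority on whether the signature is valid.

```python
import io
import zipfile

VALID_PERMISSIONS = ("sandbox", "all-permissions")

def parse_main_attributes(manifest_text):
    """Return the manifest's main-section attributes, keyed by lower-cased name."""
    lines = []
    for raw in manifest_text.replace("\r\n", "\n").split("\n"):
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # continuation of a line wrapped at 72 bytes
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        if not line:                      # first blank line ends the main section
            break
        name, sep, value = line.partition(": ")
        if sep:
            attrs[name.lower()] = value.strip()
    return attrs

def check_jar(jar_bytes):
    """List the problems that would block or weaken a signed RIA JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if "META-INF/MANIFEST.MF" not in jar.namelist():
            return ["no META-INF/MANIFEST.MF"]
        meta = [n.upper() for n in jar.namelist() if n.upper().startswith("META-INF/")]
        attrs = parse_main_attributes(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    problems = []
    perm = attrs.get("permissions")
    if perm not in VALID_PERMISSIONS:
        problems.append("Permissions missing or invalid: %r" % perm)
    if attrs.get("codebase", "*") == "*":
        problems.append("Codebase missing or '*': JAR is not tied to a host")
    if not (any(n.endswith(".SF") for n in meta)
            and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta)):
        problems.append("no signature files: JAR is unsigned")
    return problems

def make_jar(manifest_text, signed=False):
    """Build a constructed in-memory JAR for the demonstration (dummy signature entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
        if signed:
            for ext in (".SF", ".RSA"):   # placeholders, not real signatures
                jar.writestr("META-INF/MYALIAS" + ext, b"constructed placeholder")
    return buf.getvalue()
```

Because the signature covers the manifest, run the check on the JAR before signing and fix the manifest first; editing it afterwards invalidates the signature.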
Useful commands
See and check the content of the keystore:
keytool -list -v -keystore your_keystore_filename > Keystore_content1.txt
Check the signature of your program:
jarsigner -verify -verbose -certs d:\TestApplet.jar