Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Use a Oracle Java Code Signing certificate

If you do not have the signature software yet, download the JDK here:

JDK Java

With the JDK jarsigner tool, you will be able to sign your JAR:

	jarsigner -tsa http://timestamp.digicert.com?alg=sha256  -keystore [keystore-name]  file-to-sign.jar [alias-name]
The timestamp server is a DigiCert one returning a SHA2 signature.
For Globalsign certificates, you can use the following server: http://timestamp.globalsign.com/?signature=sha2

Indicate the keystore name and the alias name in the keystore.

If you do not have a keystore but only a PKCS 12, use the syntax:

	jarsigner -tsa http://timestamp.digicert.com?alg=sha256 -storetype pkcs12 -keystore [pkcs12-file] file-to-sign.jar [alias-name]
The timestamp server is a DigiCert one returning a SHA2 signature.
For Globalsign certificates, you can use the following server: http://timestamp.globalsign.com/?signature=sha2

EDIT 2014 - New requirements for java signature

Since January 2014 Oracle imposes new secrity rules regarding RIA applications signature. In short, the Manifest file needs to be edited and added to the .jar file before signature.

Procedure for the Manifest edition:
Modify manifest file

Useful commands

See and check the content of the keystore:

keytool -list -v -keystore  your_keystore_filename > Keystore_content1.txt

Check the signature of your program:

jarsigner -verify -verbose -certs d:\TestApplet.jar

Useful links

External links