Code Signing using Java SE Development Kit (JDK) 10
Please follow the instructions included below to sign components and confirm the legitimacy of the Code Signing certificate.
Note: If you are using the Windows Command Prompt, please ensure that the JDK bin folder is included in the PATH environment variable.
Note: The following tools need to be installed prior to beginning the process.
- Install the Java SE Development Kit
Create Java Keystore File & CSR
- Launch the Command Prompt on your device
- Enter the following command:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks
You will be required to enter the following information:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Firstname Lastname or YourCompanyName
What is the name of your organizational unit?
[Unknown]: YourDepartment
What is the name of your organization?
[Unknown]: YourCompanyName or Firstname Lastname
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YourState or YourProvince
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=YourCompanyName or Firstname Lastname, OU=YourDepartment, O=YourCompanyName or Firstname Lastname, L=YourCity, ST=YourState, C=US correct?
Enter key password for <server>
(RETURN if same as keystore password):
- When successfully performed, this command will create a Java Keystore File with the filename: "keystore.jks"
- The next step is to generate the CSR from the keystore, by running the following command in the prompt:
keytool -certreq -alias server -file csr.csr -keystore keystore.jks
Enter keystore password:
Note: Refer to the password created in Step 3
- At this point you have a private key and a CSR, saved in keystore.jks and csr.csr respectively.
Please ensure that you remember the keystore password, as it will be needed for every code signing operation associated with that certificate.
Installing the Code Signing Certificate
Once you have obtained the code signing certificate from your provider, it can be installed in the keystore using the following steps:
- Run this command in the prompt:
keytool -import -trustcacerts -alias server -file YourName.p7b -keystore keystore.jks
- "Certificate reply was installed in keystore" should appear
- Type "Yes" to trust the certificate (only if required)
The certificate was installed successfully
Signing the .JAR Files with Jarsigner
Once the CA-signed certificate is installed, it can be used to sign code with Jarsigner.
- Run the following command in the Command Prompt:
jarsigner -tsa http://timestamp.certificate_provider.com -keystore "c:\Program Files\Java\jdk-10.0.2\bin\file.jks" -storepass YourPassword "c:\Program Files\Java\jdk-10.0.2\bin\file.jar" YourAlias
(Please note that the command above is an example; the certificate provider, password and alias should be adjusted for each specific certificate. Paths that contain spaces must be enclosed in double quotes. If -storepass is omitted, jarsigner prompts for the keystore password instead, which keeps it out of the command history.)
- To verify that your file was successfully signed, type: jarsigner -verify -verbose -certs "c:\Program Files\Java\jdk-10.0.2\bin\file.jar"
- If successful, the following message will appear: "s = signature was verified"
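The verification step can also be run programmatically, for example as a build gate before a JAR is published. The following is an added example, not part of the original instructions: it uses the JDK's java.util.jar.JarFile to confirm that every entry in a JAR is signed and to count signatures that lack a timestamp (the -tsa option above). The class name VerifySignedJar is hypothetical.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name). Build and run:
//   javac VerifySignedJar.java
//   java VerifySignedJar file.jar
public class VerifySignedJar {
    // MANIFEST.MF, *.SF, *.RSA, *.DSA, *.EC and SIG-* directly under META-INF/
    // hold the signature itself, so they are never signed entries.
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-") || n.matches(".*\\.(SF|RSA|DSA|EC)");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: java VerifySignedJar <file.jar>"); System.exit(2); }
        int signed = 0, unsigned = 0, noTimestamp = 0;
        // verify=true: digests and signatures are checked as each entry is read
        try (JarFile jar = new JarFile(args[0], true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                // Signers are only known once the entry has been read to the end;
                // a modified entry makes this read throw SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    in.readAllBytes();
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    System.out.println("UNSIGNED " + entry.getName());
                    unsigned++;
                    continue;
                }
                signed++;
                for (CodeSigner s : signers) {
                    X509Certificate cert = (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    if (s.getTimestamp() == null) noTimestamp++;
                    System.out.println("signed   " + entry.getName() + " by " + cert.getSubjectX500Principal().getName());
                }
            }
        }
        System.out.printf("signed=%d unsigned=%d signatures-without-timestamp=%d%n", signed, unsigned, noTimestamp);
        // Exit 1 if nothing was signed or any entry lacks a signature
        System.exit(signed > 0 && unsigned == 0 ? 0 : 1);
    }
}
```

This check covers integrity and the presence of a signer on each entry; it does not check whether the signer's certificate chains to a trusted CA, so compare the printed subject with the name entered when the keystore was created.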