
Code Signing using Java SE Development Kit (JDK) 10

Please follow the instructions included below to sign components and confirm the legitimacy of the Code Signing certificate.
Note: If you are working in the Windows Command Prompt, please ensure that the JDK bin folder is included in the PATH environment variable.

Installation Tools

Note: The following tools need to be installed prior to beginning the process.

Create Java Keystore File & CSR

  1. Launch the Command Prompt on your device
  2. Enter the following command:
    keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks
  3. You will be required to enter the following information:
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: Firstname Lastname or YourCompanyName
    What is the name of your organizational unit?
    [Unknown]: YourDepartment
    What is the name of your organization?
    [Unknown]: YourCompanyName or Firstname Lastname
    What is the name of your City or Locality?
    [Unknown]: YourCity
    What is the name of your State or Province?
    [Unknown]: YourState or YourProvince
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=YourCompanyName or Firstname Lastname, OU=YourDepartment, O=YourCompanyName or Firstname Lastname, L=YourCity, ST=YourState, C=US correct?
    [no]: yes
    Enter key password for <server>
    (RETURN if same as keystore password):
  4. When successfully performed, this command will create a Java Keystore File with the filename: "keystore.jks"
  5. The next step is to generate the CSR from the keystore, by running the following command in the prompt:
    keytool -certreq -alias server -file csr.csr -keystore keystore.jks
    Enter keystore password:
    Note: Refer to the password created in Step 3.

  6. This will create a private key and CSR, which will be saved as .jks and .csr

Please ensure that you remember the keystore password, as it will be used in every code signing operation associated with that certificate.

Installing the Code Signing Certificate

Once you have obtained the code signing certificate from your provider, it can be installed in the keystore using the following steps:

  1. Run this command in the prompt:
    keytool -import -trustcacerts -alias server -file YourName.p7b -keystore keystore.jks
  2. "Certificate reply was installed in keystore" should appear
  3. Type "Yes" to trust the certificate (only if required)

The certificate is now installed successfully.

Signing the .JAR Files with Jarsigner

When the CA's signed certificate is installed, it can be used to sign code using Jarsigner.

  1. Run the following command in the Command Prompt:
    jarsigner -tsa http://timestamp.certificate_provider.com -keystore "c:\Program Files\Java\jdk-10.0.2\bin\file.jks" -storepass YourPassword "c:\Program Files\Java\jdk-10.0.2\bin\file.jar" YourAlias
    (Please note that the command above is an example and the certificate provider, password and alias should be adjusted for each specific certificate. Paths that contain spaces must be enclosed in quotes. If -storepass is omitted, jarsigner prompts for the password instead, which keeps it out of the command line.)
  2. To verify that your file was successfully signed, type: jarsigner -verify -verbose -certs "c:\Program Files\Java\jdk-10.0.2\bin\file.jar"
  3. If successful, the following message will appear: "s = signature was verified"
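
The check below is an added example, not part of the original instructions or of any vendor tooling: it reads captured output of the jarsigner -verify -verbose -certs command from step 2 and reports payload entries that lack the "s" flag, as well as a missing "jar verified." status line. The sample listing is constructed, and the row layout (flag columns, size, timestamp, entry name) and the function name check_verify_output are assumptions of this example.

```python
import re

# Constructed sample rows; layout assumed from jarsigner's verbose listing:
# flag columns (s, m, k ...), size, Date.toString() timestamp, entry name.
HEAD = """\
         198 Mon Aug 06 10:15:02 UTC 2018 META-INF/MANIFEST.MF
         320 Mon Aug 06 10:15:02 UTC 2018 META-INF/SERVER.SF
        4821 Mon Aug 06 10:15:02 UTC 2018 META-INF/SERVER.RSA
           0 Mon Aug 06 10:14:40 UTC 2018 com/example/
sm      2752 Mon Aug 06 10:14:40 UTC 2018 com/example/Main.class
"""
# Constructed row for a file placed in the archive after signing (no flags).
EXTRA = "        1024 Mon Aug 06 11:02:17 UTC 2018 com/example/Extra.class\n"
TAIL = """
      X.509, CN=YourCompanyName, OU=YourDepartment, O=YourCompanyName, C=US

  s = signature was verified

jar verified.
"""

ENTRY = re.compile(
    r"^(?P<flags>[smkiX? ]*?)\s*(?P<size>\d+)\s+"
    r"[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \S+ \d{4}\s+"
    r"(?P<name>\S.*)$"
)
# The manifest and signature block files are not themselves marked "s".
SIG_META = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$", re.I)


def check_verify_output(text):
    """Return a list of problems found in captured jarsigner -verify output."""
    problems = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # certificate details, legend, warnings, blank lines
        name = m["name"].strip()
        if name.endswith("/") or SIG_META.match(name):
            continue  # directories and signature metadata carry no "s" flag
        if "s" not in m["flags"]:
            problems.append(f"entry not covered by a verified signature: {name}")
    if "jar verified." not in (l.strip() for l in text.splitlines()):
        problems.append("status line 'jar verified.' not found")
    return problems


if __name__ == "__main__":
    for label, out in (("signed", HEAD + TAIL), ("modified", HEAD + EXTRA + TAIL)):
        print(label, check_verify_output(out) or "OK")
```

In a build pipeline, feed the function the captured output of the verify command and fail the job when the returned list is not empty.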