How to Sign Java Files using Code Signing Certificates
How to Set Up and Install a Java Code Signing Certificate
In Java, setting up and installing a Code Signing Certificate is mostly the same as with an SSL Certificate, with a few minor differences. You first create a Java keystore along with your CSR (Certificate Signing Request), and then the installation process begins.
Java CSR Creation & Code Signing Certificate Installation Process
Before you begin, be sure that the JDK (Java Development Kit) is installed properly on your local computer or server. Once you create the CSR, be sure to keep track of your keystore file, as it contains the private key. The keystore file is also used to install your Code Signing Certificate.
If you're following the instructions below on a Windows Server, use the command prompt and be sure that the JDK bin folder is in your Path environment variable.
Alternatively, you can run keytool directly from the JDK bin folder. Be sure to store your newly created keystore and CSR files securely.
Step-by-step Guide to Create a Java Keystore File & CSR:
Step:1 For creating a keystore and key, at the command prompt run this command
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore Examplekeystore.jks
Step:2 Enter the requested information, as prompted:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Firstname Lastname or YourCompanyName
What is the name of your organizational unit?
What is the name of your organization?
[Unknown]: YourCompanyName or Firstname Lastname
What is the name of your City or Locality?
What is the name of your State or Province?
[Unknown]: YourState or YourProvince
What is the two-letter country code for this unit?
Is CN=YourCompanyName or Firstname Lastname, OU=YourDepartment, O=YourCompanyName or Firstname Lastname, L=YourCity, ST=YourState, C=US correct?
Enter key password for
(RETURN if same as keystore password):
Step:3 Once you complete the above step, a Java keystore file called Examplekeystore.jks will be created.
Step:4 Now, for generating a CSR through keystore, at the command prompt run this command
keytool -certreq -alias server -file csr.csr -keystore Examplekeystore.jks
Note: Use the same password that you used in Step 2.
Step:5 Once you complete the above steps, you will be provided with the private key & a CSR saved in .jks & .csr file format respectively.
Step:6 Now, when you place your Code Signing Certificate order, open the .csr file in any text editor and copy and paste its contents into the CSR box on the order form of our website.
Note: Keep your keystore password secure, as you will need it during installation time and whenever you use the certificate for signing code.
Step-by-step Guide to Install Code Signing Certificate
Step:1 For installing the certificate, at the command prompt run the following command
keytool -import -trustcacerts -alias server -file YourName.p7b -keystore Examplekeystore.jks
Step:2 If the above step has gone correctly, you should receive a message saying, “Certificate reply was installed in keystore.”
Step:3 Type y or yes, if you’re asked to trust the certificate.
Step:4 Finally, your code signing certificate is installed and you can proceed to sign code.
Step-by-step Guide to Sign Java .jar Files with Jarsigner
Step:1 For signing a file, at the command prompt run the following command
jarsigner -tsa http://timestamp.<certificate-authority>.com -keystore c:\path\to\your\Examplekeystore.jks -storepass ExamplePassword c:\path\to\your\file.jar ExampleAlias
Step:2 If you don’t see any output, don’t worry, as the command doesn’t provide any information about the code being signed successfully.
Step:3 To verify that the .jar file was signed successfully, run the jarsigner -verify command below at the command prompt
jarsigner -verify -verbose -certs c:\path\to\your\file.jar
Step:4 If your code is signed successfully, you will see the following output
s = signature was verified
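The check in Step 4, as an added example that is not part of the original guide: a Python parser for the jarsigner -verify -verbose listing that reports payload entries lacking the s flag, such as a file added to the .jar after signing. The sample listing is constructed, the function names are illustrative, and the date layout assumes an English-locale JDK.

```python
import re

# Constructed sample of `jarsigner -verify -verbose -certs` output (not from a
# real jar); certificate detail lines are left out, the parser ignores them.
SAMPLE_OUTPUT = """\
         198 Mon Jan 01 10:00:00 UTC 2024 META-INF/MANIFEST.MF
         312 Mon Jan 01 10:00:00 UTC 2024 META-INF/SERVER.SF
        1420 Mon Jan 01 10:00:00 UTC 2024 META-INF/SERVER.RSA
sm      2752 Mon Jan 01 10:00:00 UTC 2024 com/example/Main.class
sm       849 Mon Jan 01 10:00:00 UTC 2024 com/example/Util.class
        1801 Tue Jan 02 09:30:00 UTC 2024 com/example/Added.class

  s = signature was verified
  m = entry is listed in manifest

jar verified.
"""

# Entry line: optional flag letters, size, date, entry name.
# Assumption: English-locale date layout such as "Mon Jan 01 10:00:00 UTC 2024".
ENTRY_RE = re.compile(
    r"^(?P<flags>[smkiX? ]*?)\s*(?P<size>\d+)\s+"
    r"\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ \d{4}\s+(?P<name>.+)$"
)
# The manifest and signature files carry the signature and are not flagged "s".
SIG_FILE_RE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$", re.I)


def parse_entries(output):
    """Return (flags, name) for every jar entry line in the verbose listing."""
    entries = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("flags").replace(" ", ""), m.group("name").strip()))
    return entries


def unsigned_entries(output):
    """Names of payload entries (not directories or signature files) lacking 's'."""
    return [name for flags, name in parse_entries(output)
            if "s" not in flags and not name.endswith("/") and not SIG_FILE_RE.match(name)]


def is_fully_signed(output):
    """True only if jarsigner reported success and every payload entry has 's'."""
    verified = any(line.strip() == "jar verified." for line in output.splitlines())
    return verified and bool(parse_entries(output)) and not unsigned_entries(output)
```

Feed it the captured output of the Step 3 command and fail the build when is_fully_signed returns False.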