certificatecode-signingpfxjar-signing

How to sign a JAR file using a .PFX file


We sign our .net code with a .PFX cert file. A colleague now needs to use the the same cert to sign a .jar file for a customer.

Can someone point me to a link or an example of how I can do this please?

The jar file will be used on Oracle Web Logic Server running on Solaris.

And, once signed do we need to send out anything other signed jar file?

Thanks.


Solution

  • [Link updated thanks to @Ezequiel]

    https://support.comodo.com/index.php?/Knowledgebase/Article/View/1207/7/how-to-sign-java-jar-files

    Check if you can see the certs

    -> keytool -list -v -storetype pkcs12 -keystore file.pfx 
    

    Note the alias.

    If it can: -> jarsigner -storetype pkcs12 -keystore file.pfx myjar.jar alias

    That's all there is to it.

    To verify the signature of the file...

    -> jarsigner -verify JAR_FILE 
    

    Where JAR_FILE is the file to be signed.