File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Applets and the fly likes Signing a JAR using a certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "Signing a JAR using a certificate" Watch "Signing a JAR using a certificate" New topic

Signing a JAR using a certificate

Tokai Moshai

Joined: May 24, 2006
Posts: 16
Hi, I've already spent hours on this, please post if you know whats going on. Thank you very much.

Here is the problem: I've a certificate file, say name is: mycert.crt. I've a JAR applet named myapplet.jar. I need to sign the applet so that it runs on a website. I know the private key and public key of the certificate. I tried to import it using the keytool:

Then I tried to sign the jar file using the following:

When I verify it, it says the JAR is signed.

However, when I try to run it I get the error message: The jar is signed but the application's digital signature is invalid (not exact wording).

I've an already signed jar that works fine but the one I try to sign does not work. Any solution?
[ May 31, 2006: Message edited by: Tokai Moshai ]
Jeff Osborn

Joined: Jun 12, 2006
Posts: 8
This can be a nightmare.

These steps take you through all that you will need to do to create a key store, a self signed certificate, export the certificate and then sign the jar

Keystore example:

1)generate key store
C:\j2sdk1.4.1_02\bin>keytool -genkey -alias ozzie -dname "cn=ozzie, ou=engr, o=YourCompanyName, c=US" -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

2)generate certificate
C:\j2sdk1.4.1_02\bin>keytool -selfcert -alias ozzie -validity 1000000 -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

3)export certificate
C:\j2sdk1.4.1_02\bin>keytool -certreq -alias ozzie -file C:\projectname\lib\security\ozzie.cer -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

4)sign the jar
C:\j2sdk1.4.1_02\bin>jarsigner.exe -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword C:\projectname\webApplication\dps.jar ozzie

Note: Assumes java is installed at C:\j2sdk1.4.1_02\ ;-)
Note: The keytool will create the keystore C:\projectname\lib\security\.keystore can be left off to default to the jdk keystore (java.home\lib\security\.keystore), but you really don't not want to mess with the jdk keystore and have to reinstall.
Note: MAKE SURE you write down the passwords used. In this case ozziepassword.

The standard SDK documentation will have both the keytool and the jarsigner in them. They are a little hard to read though.

Another good post is..
How to self sign

You should still get a dialog that will ask you if you trust this applet, because it has not been signed by a known Root Authority, but it is good enough for development. Pick 'yes always' and you will be good to go.

Good Luck,


Jeff Osborn<br />Procelerate Technologies<br /><a href="" target="_blank" rel="nofollow"></a>
Rohan Kalbhor
Ranch Hand

Joined: Aug 18, 2006
Posts: 78
Hi Jeff,

That was really very helpful.
I was searching for a document of such a kind for a long time.....

..............................<br />Exceptions are a part of possibility<br />Errors are a part of truth<br />................................
I agree. Here's the link:
subject: Signing a JAR using a certificate
It's not a secret anymore!