• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

Signing a JAR using a certificate

Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I've already spent hours on this, please post if you know whats going on. Thank you very much.

Here is the problem: I've a certificate file, say name is: mycert.crt. I've a JAR applet named myapplet.jar. I need to sign the applet so that it runs on a website. I know the private key and public key of the certificate. I tried to import it using the keytool:

Then I tried to sign the jar file using the following:

When I verify it, it says the JAR is signed.

However, when I try to run it I get the error message: The jar is signed but the application's digital signature is invalid (not exact wording).

I've an already signed jar that works fine but the one I try to sign does not work. Any solution?
[ May 31, 2006: Message edited by: Tokai Moshai ]
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This can be a nightmare.

These steps take you through all that you will need to do to create a key store, a self signed certificate, export the certificate and then sign the jar

Keystore example:

1)generate key store
C:\j2sdk1.4.1_02\bin>keytool -genkey -alias ozzie -dname "cn=ozzie, ou=engr, o=YourCompanyName, c=US" -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

2)generate certificate
C:\j2sdk1.4.1_02\bin>keytool -selfcert -alias ozzie -validity 1000000 -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

3)export certificate
C:\j2sdk1.4.1_02\bin>keytool -certreq -alias ozzie -file C:\projectname\lib\security\ozzie.cer -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

4)sign the jar
C:\j2sdk1.4.1_02\bin>jarsigner.exe -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword C:\projectname\webApplication\dps.jar ozzie

Note: Assumes java is installed at C:\j2sdk1.4.1_02\ ;-)
Note: The keytool will create the keystore C:\projectname\lib\security\.keystore can be left off to default to the jdk keystore (java.home\lib\security\.keystore), but you really don't not want to mess with the jdk keystore and have to reinstall.
Note: MAKE SURE you write down the passwords used. In this case ozziepassword.

The standard SDK documentation will have both the keytool and the jarsigner in them. They are a little hard to read though.

Another good post is..
How to self sign

You should still get a dialog that will ask you if you trust this applet, because it has not been signed by a known Root Authority, but it is good enough for development. Pick 'yes always' and you will be good to go.

Good Luck,

Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Jeff,

That was really very helpful.
I was searching for a document of such a kind for a long time.....

    Bookmark Topic Watch Topic
  • New Topic