Jar Code Sign Certificate

Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. It also allows users to cache certificates. Java Keytool stores the keys and certificates in what is called a keystore. By default the Java keystore is implemented as a file. It protects private keys with a password. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate. ^{sslshopper.com}

Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates. Java Keytool also several other functions that allow you to view the details of a certificate or list the certificates contained in a keystore or export a certificate.

---

Creating self-signed certificates for the TLS communication ^docs.bmc.com

A self-signed certificate is a certificate that is signed with its own private key. Self-signed certificates can be used to encrypt data just like the CA-signed certificates, but the users are shown a warning that says the certificate is not trusted by their computer or browser. Therefore, use self-signed certificates only if you do not need to prove your service identity to its users (e.g. non-production or non-public servers).

There are various tools available to generate self-signed certificates. Following section lists some of them:

• Create key store and trust store using Oracle keytool. For more information, see the following documentation:
  • Oracle documentation: Generating a key store and a trust store
  • Oracle documentation: Creating a key store in JKS format
  • Oracle JAVA Tutorial: Generating keys
• Create security certificates using open source tool OpenSSL tool.
• Create security certificates using Mozilla NSS tool. For more information, see NSS Tools certutil.

---

Code Signer ^{Jar Signing Certificate}

Distinguished-Name Information
If you use the preceding keystore command, you will be prompted for your distinguished-name information. Following are the prompts; the bold indicates what you should type.

Type the following command in your command window to create a keystore named examplestore and to generate keys:

keytool -genkey -keystore examplestore -alias signFiles

C:\Program Files\Java\jdk1.6.0_45\bin>keytool.exe -genkey -keystore worldClasseskeys -alias yash
Enter keystore password: <tomcatpass>
Re-enter new password:   <tomcatpass>
What is your first and last name?
  [Unknown]:  Yash
What is the name of your organizational unit?
  [Unknown]:  worldClasses
What is the name of your organization?
  [Unknown]:  IT
What is the name of your City or Locality?
  [Unknown]:  HYD
What is the name of your State or Province?
  [Unknown]:  TELANGANA
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Yash, OU=worldClasses, O=IT, L=HYD, ST=TELANGANA, C=IN correct?
  [no]:  YES

Enter key password for <yash>
        (RETURN if same as keystore password): <tomcatpass>
Re-enter new password: <tomcatpass>

Sign the JAR File
Now you are ready to sign the JAR file. Type the following in your command window to sign the JAR file Count.jar, using the private key in the keystore entry aliased by signFiles, and to name the resulting signed JAR file sCount.jar:

jarsigner -keystore examplestore -signedjar sCount.jar Count.jar signFiles 

You will be prompted for the store password and the private key password.

Note: The jarsigner tool extracts the certificate from the keystore entry whose alias is signFiles and attaches it to the generated signature of the signed JAR file.

worldClasses_CodeSign «

jarsigner.exe -keystore D:\worldClasseskeys.jks D:\Tomcats\tomcat-7.0.37\webapps\ROOT\LearnJava.jar yash