如何将VeriSign证书与Oracle的jarsigner一起使用来签名jar？

Question

I already have a VeriSign certificate to sign EXEs. I need to reuse it to sign jars.

Is it possible to reuse that certificate to sign jars?

Can someone explain me, how to use this VeriSign certificate with Oracle's jarsigner to sign jar files?

Any help is appreciated.

Steps I followed:

Step 1. Create key store keytool -genkey -keyalg rsa -keystore MYStore.ks -alias mySelf -keysize 2048

keystore pw : 4804994 mySelf pw: abcdef

Step 2. Import Verisign certificate to key store

keytool -importcert -file MSCV-VSClass3.cer -keystore MYStore.ks

This displays certificate info and ask; Trust this certificate ? [no] : yes

Certificate was added to keystore.

Step 3. jarsigner -keystore MYStore.ks TestRun.jar mySelf

Warning: signer certificate will expire within six months.

Now I wanted to verify the signed jar.

jarsigner -verify -verbose -certs TestRun.jar

Warning: This jar contain entries whose signer certificate will expire within six months. This jar contain entries whose certificate chain is not validated.

As I understand, key store does not have the private key of the public key in the certificate.

How to solve this issue?

Cheers.

Answer 1

You can just start signing with the PFX file as this can be seen as a keystore file. The command you can try and use would be something like

jarsigner -storetype pkcs12 -keystore cert2013.pfx something.jar "1" -tsa http://verisignstimestampurl.something.com

Or you can import the PKCS12 file into to a JKS file but that seems a bit pointless;

keytool -importkeystore -srckeystore cert2013.pfx -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

Hope any of the two commands above help. The first command you will have to find out what VeriSigns timestamp URL is, and the "1" was also a guess, you can view the alias assigned to it by typing;

keytool -list -keystore cert2013.pfx -storetype PKCS12

Regards,