Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2009-09-30 11:35:47.0

TN 7889 - How do I sign a JAR file using an Entrust certificate with the JDK jarsigner tool?

How do I sign a JAR file using an Entrust code signing certificate and the JDK jarsigner tool?

Before using the jarsigner tool, you need to know the friendly name of the key entry that you are using to sign the JAR. If you do not know the friendly name, you can use the JDK keytool application to display it.

To determine the friendly name of the key entry (optional if you know the friendly name):

1. Open a command prompt.
2. Enter the command:
   <path to keytool>\keytool -list <certificate_name> -v
   For example:
   \JDKS\jdk1.6.0_03\jre\bin\keytool -list EntrustCert -v
3. Enter the password when prompted.
   Keytool lists information about the keystore, including the friendly name.

To sign the JAR file, use the jarsigner tool included in the JDK. Include the timestamp option if you want to timestamp the signature. The URL of the Entrust timestamp server is http://timestamp.entrust.net/TSS/JavaHttpTS.

1. Open a command prompt, if you have not already done so.
2. Enter the following command:
   <path to jarsigner>\jarsigner -tsa <URL of the Entrust timestamp server> <certificate name> <path to JAR file>\<JAR file name.jar> <friendly name of key entry>
   For example:
   \JDKS\jdk1.6.0_03\bin\jarsigner EntrustCert -tsa http://timestamp.entrust.net/TSS/JavaHttpTS \work\MyProject\MyApplet.jar MyKeyEntry
3. Enter the password when prompted.
   You have signed a JAR file.
   
   For more information, follow the link to the user guide.
   
   http://www.entrust.net/ssl-resources/pdf/ECS_Java_Code_Signing_Guide.pdf

Affected Products:

• Entrust Certificate Services ECS Code Signing Certificate Version Not Applicable Language Not Applicable Platform Not Applicable