Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-09-07 15:42:07.0

How do I sign a JAR file using an Entrust certificate with the JDK jarsigner tool?

Article Number: 46204

How do I sign a JAR file using an Entrust code signing certificate and the JDK jarsigner tool?


Before using the jarsigner tool, you need to know the friendly name of the key entry that you are using to sign the JAR. If you do not know the friendly name, you can use the JDK keytool application to display it.


To determine the friendly name of the key entry (optional if you know the friendly name):


  1. Open a command prompt.
  2. Enter the command:
    <path to keytool>\keytool -list <certificate_name> -v
    For example:
    \JDKS\jdk1.6.0_03\jre\bin\keytool -list EntrustCert -v
  3. Enter the password when prompted.
    Keytool lists information about the keystore, including the friendly name.


To sign the JAR file, use the jarsigner tool included in the JDK. Include the timestamp option if you want to timestamp the signature. The URL of the Entrust timestamp server is http://timestamp.entrust.net/TSS/RFC3161sha1TS for SHA-1 and http://timestamp.entrust.net/TSS/RFC3161sha2TS for SHA-2



  1. Open a command prompt, if you have not already done so.
  2. Enter the following command:
    <path to jarsigner>\jarsigner -tsa <URL of the Entrust timestamp server> <certificate name> <path to JAR file>\<JAR file name.jar> <friendly name of key entry>
    For example:
  3. Enter the password when prompted.
    You have signed a JAR file.

    For more information, follow the link to the user guide.
  4. To verify the code has been signed correctly, you can run the command :                                                                                       
  5. Jarsigner -verify -verbose <path><your jar file>


Affected Products:

  • Entrust Certificate Services ECS Code Signing Certificate Version Not Applicable Language Not Applicable Platform Not Applicable