• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown


Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Howdy Y'all,
Greenhorn is an accurate descriptor for me with regards to this topic. We have an applet which writes to the client's hard drive and so we had to get a Code Signing Certificate. We purchased it from Thawte and it has been working great. We initially signed our applet with signtool.
I am now in the process of trying to create an ANT script which will include the generation of the signed jar file. As far as I can see ANT wants to use jarsigner instead of signtool. (Can anyone point me to an ANT task which works with signtool?) Jarsigner would be fine with me if I could get it to work.
I have read through the jarsigner and keytool documentation from Sun. It indicates that you must first use keytool to generate a private/public key pair and then export a Certificate Signing Request. However, the person who was involved in the purchase of the Code Signing Certificate from Thawte has indicated that for a Code Signing Certificate we did not need to generate such a request and that Thawte sent us a private key (mykey.pvk) and then we downloaded from Thawte the mycert.spc file. Does this sound right?
I have the "mycert.spc" and "mykey.pvk" files which we purchased from Thawte. I have used PVKIMPRT.EXE tool from Microsoft to create a PKCS12 keystore (keystore.pfx). When prompted by the export wizard I told it to export my private key. I have used code from a previous post on this site to determine the alias (thanks Pankaj Kr!). I then used the command:

jarsigner prompts me for the password and returns:

It does not sign the jar file. Does anyone know why this did not work? I printed the certificate from the keystore and can see that the X.500 Distinguished Name appears to be correct.
I have also used keytool to export the certificate from the PKCS12 keystore and import it into a JKS keystore. Jarsigner then returns:

Please enlighten me! Thanks in advance for your help!!
Mark Binau
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I upgraded to use the jarsigner.exe that came with J2SDK 1.4.2 and it works just fine.
Sometimes you feel like a nut. Sometimes you feel like a tiny ad.
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic