Facbook Pixel

Java Code Signing: Download certificate & sign code

After verifying your certificate request, you can download your certificate files and use them to sign your Java code.

Download your certificate

  1. In your SSL certificate manager, click Download.
    1. Not in your SSL certificate manager? Log in to your ITEGY account.
    2. Click SSL Certificates.
    3. Next to the account you want to use, click Manage.
    4. Complete step 1 above.
  2. Click Download ZIP file.

Move your certificate file

  1. Unzip the ZIP file you download.
  2. Open the unzipped folder and locate the file ending in -SHA2.pem.
  3. (Optional) Rename the PEM file to something easier to type, for example mycert.pem.
  4. Move the PEM file to the place where you created your keystore.

    For Windows users, this is the bin directory of your JDK installation—for example:
    C:\Program Files\java\jdkversion number\bin

Windows-only preparation

If you're using Windows, you must complete the following steps before you can install the certificate and sign your code.

  1. Run cmd as an administrator.
  2. Move to your JDK installation's bin directory:
    cd C:\Program Files\java\jdkversion number\bin

Install the certificate

  1. Through your command line, navigate to the directory where you created your keystore. (Windows users should already be here.)
  2. Install your certificate:
    keytool -importcert -file mycert.pem -keystore codesignstore
  3. Enter your keystore's password.
  4. Type yes that you want to trust the certificate, and then press enter.

Sign your code

  1. Sign your code:
    jarsigner -verbose -keystore codesignstore -tsa http://tsa.starfieldtech.com/ your jar file.jar codesigncert
    Windows users might need to use the full paths to their keystore (JKS) and JAR files.
  2. Enter your keystore's password.
  3. Verify your code is signed.
    jarsigner -verify -verbose -certs your jar file.jar

If everything worked, you'll see jar verified.

You should expect to see "This jar contains entries whose certificate chain is not validated." The presence of this warning does not indicate that your certificate won't work.

Next step

  • That's it! You can now start distributing your signed code.