Since February, GlobalSign has been issuing EV Code Signing certificates. This means that code signing must be done using a hardware token (Safenet USB eTokens).
Since I had to switch to EV Code Signing, I noticed a huge increase in time when signing up my application. After a few minutes with the usual java repository, more than 40 minutes using eToken.
According to the GlobalSign website, I have to sign my banks as follows:
jarsigner -keystore NONE -storetype PKCS11 -tsa http://timestamp.globalsign.com/scripts/timestamp.dll -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.config -storepass mypass myapp.jar myalias
I contacted GlobalSign support, but they could not help me, because the signature really works ... very slowly.
Things I tried:
- Alternative TSA
- Signing without TSA
- Place the project on the same drive and jarsigner location section
- Using command line instead of maven profile (configured in my IDE)
Nothing affected the slow signing. Does anyone have other ideas or had the same problem?
source
share