Signing a .jar file with a .cer file

I am trying to sign a jar file with a code signing certificate issued by GlobalSign.

I am completely new to this, but after some searches and a lot of trial and error, I followed the steps below.

I imported the certificate into the keystore using:

keytool -importcert -alias signalias -file OS200912023195.cer 

When I try to sign my jar file using:

jarsigner applet.jar signalias

I get the following error:

jarsigner: Certificate chain not found for: signalias. signalias must reference a valid KeyStore that contains the private key and the corresponding public key certificate chain.

Have I forgotten something, or is there a problem with the certificate?

+6
5 answers

... I wonder, maybe I need something more than just a file? ...

@Mark I think you're right. As I recall, the exception is of this type:

jarsigner: Certificate chain not found for: signalias. signalias must reference a valid KeyStore key entry containing the private key and the corresponding public key certificate chain.

... which makes me think that you are trying to sign a jar with a certificate only. So you must have skipped some important steps :|

The first thing you need to do if you want to use a certificate is generate a CSR ...

  • A) Generate a keystore; then generate the public/private key pair in the keystore. A command like:

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

  • B) Then generate the CSR; for more information you can read this. A command like:

keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

  • C) For more details on the general keytool commands you can read this.

If you are fine with OpenSSL, then pass your own certificate as follows: step D ...

  • D) In case you need to have a self-signed certificate, you can follow these steps ...

... back to your keystore

  • E) Only after that do you import the certificate into the keystore using a command like:

keytool -import -trustcacerts -alias root -file server.crt -keystore keystore.jks

  • F) And only then can you use the jarsigner tool to sign your jar

Comment if this helps

+6

.cer files never store private keys, and to sign a JAR you need to have a private key in the keystore. Therefore, I think you need to find out where the secret key of your certificate is located, and add it to the keystore.

+2

Could you use the following command to check the keystore for the imported certificate?

keytool -list -v -keystore your_keystore_name -alias your_alias

If the data turns out to be correct, there seems to be a problem with the certificate provided. It is incomplete.

0
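An added example (not part of the answer above and not code from the JDK): one way to read the output of the `keytool -list -v` command suggested above and tell whether the alias can be used by jarsigner. It assumes English-locale keytool output; the function name `classify_entry` and both sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Reads `keytool -list -v` output for ONE alias on stdin and prints a verdict.
# Assumption: English-locale keytool output.
classify_entry() {
  awk '
    /^Entry type:/               { type = $3 }
    /^Certificate chain length:/ { chain = $4 }
    # Keep only the first Owner/Issuer pair: that is the leaf certificate.
    /^Owner:/  && owner  == ""   { owner  = substr($0, 8) }
    /^Issuer:/ && issuer == ""   { issuer = substr($0, 9) }
    END {
      if (type == "trustedCertEntry")          print "cert-only"
      else if (type != "PrivateKeyEntry")      print "unknown"
      else if (owner != "" && owner == issuer) print "self-signed"
      else if (chain + 0 < 2)                  print "signable-leaf-only"
      else                                     print "signable"
    }'
}
# cert-only          : no private key under the alias (the case in the question)
# self-signed        : key pair exists, but the CA reply has not been imported yet
# signable-leaf-only : key plus CA-issued leaf, no intermediate certificates
# signable           : key plus a chain of two or more certificates

# Constructed sample: what `keytool -importcert` of a bare .cer leaves behind.
SAMPLE_CERT_ONLY='Alias name: signalias
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Owner: CN=Example Publisher, O=Example Ltd, C=GB
Issuer: CN=Example Code Signing CA, O=Example CA, C=BE'

# Constructed sample: a key entry with the CA reply and its issuer attached.
SAMPLE_KEY_ENTRY='Alias name: signalias
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=Example Publisher, O=Example Ltd, C=GB
Issuer: CN=Example Code Signing CA, O=Example CA, C=BE
Certificate[2]:
Owner: CN=Example Code Signing CA, O=Example CA, C=BE
Issuer: CN=Example Root CA, O=Example CA, C=BE'

printf '%s\n' "$SAMPLE_CERT_ONLY" | classify_entry
printf '%s\n' "$SAMPLE_KEY_ENTRY" | classify_entry
# Live use: keytool -list -v -keystore your_keystore_name -alias your_alias | classify_entry
```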

jarsigner: Certificate chain not found for: signalias. signalias must reference a valid KeyStore key entry containing the private key and the corresponding public key certificate chain.

I got this error when I created my certificate signing request (CSR) using the openssl command instead of using keytool. As a result, when I created my keystore, it did not contain the private key, but only the certificate that I imported.

My problem has been fixed in this article: Can a Java keystore import a key pair generated by OpenSSL?

After creating the key and certificate using OpenSSL, use OpenSSL to create the PKCS #12 key store:

openssl pkcs12 -export -in cert.pem -inkey key.pem > server.p12

Then convert this store to a Java keystore:

keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12

0

Source: https://habr.com/ru/post/922052/

