7 Replies Latest reply on Mar 7, 2013 3:03 AM by EJP

    Signing jars with certificates and separate private keys

      My company sent me a set of certificates that I'm supposed to use to sign my jars. I can't figure out how to do it. Currently I'm getting the following error:

      jarsigner: Certificate chain not found for: mykey. mykey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

      Here's what I've done: Two of the files I got had .spc and .p7b extensions. It seems they are binary PKCS #7 certificates, which keytool wouldn't read (though it says it will.) So, I imported them into the Microsoft Certificate store and re-exported them as base64 X.501 certificates and keytool accepted them. But jarsigner won't sign jars with them, as per the error message.

      I also got a file with a pvk extension, which is apparently a Microsoft private key. I have no idea what, if anything, I can do with it.

      Is it possible to sign jars with anything other than jarsigner?
      Is it possible to sign jars with certificates that weren't generated by the process given in the jarsigner documentation: genseckey, certreq?