1. Once the certificate is located in the browser, export it with the private key, include all of the certificates, and export all extended properties. A password is required. The exported file will be in .PFX format. See http://codesigning.ksoftware.net/export for export instructions.

2. Make sure the most current version of the JDK is installed.

3. Create a .bat file and run the following commands:

keytool.exe -importkeystore -srckeystore YourExportedCertificateFileName.pfx -srcstoretype pkcs12 -destkeystore YourKeystoreFileName -deststoretype JKS

YourKeystoreFileName will be created.

4. Get the alias value assigned by Comodo by running the following command (the alias is also displayed in Step 3).

keytool.exe -list -storepass YourPassword -keystore YourKeystoreFileName -v

(Where YourPassword is the password you entered in Step 3.)

The alias is a 39-character string that looks something like this:


5. Sign the JAR using the following syntax:

jarsigner.exe -keypass YourKeyPassword -keystore YourKeystoreFileName -storepass YourStorePassword -tsa http://timestamp.comodoca.com/rfc3161 -digestalg SHA-1 YourJarName.jar YourAliasString

The password is the value specified in Step 3 above. Note that your key and store passwords could be different.

Note: -digestalg can be whatever digest algorithm you choose, though SHA-1 and SHA-256 are common choices.

6. You can verify the jar has been signed with the following syntax:

jarsigner.exe -verify -verbose -certs YourJarName.jar

Timestamping with Jarsigner requires timestamps that comply with RFC 3161 (Time Stamping Protocol), so use the timestamp URL http://timestamp.comodoca.com/rfc3161 with Jarsigner.
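
As an added example (not part of the original instructions), the Python script below automates Step 4: it parses the output of keytool -list -v, returns the alias of the private key entry, and rejects a keystore whose chain holds only the leaf certificate, which suggests the Step 1 export did not include all of the certificates. The sample listing, its alias and the KS_PASS environment variable name are constructed for illustration; English keytool output and a CA-issued certificate are assumed, and -storepass:env keeps the password off the command line.

```python
import re
import subprocess
import sys

# Constructed sample of `keytool -list -v` output (alias and names are made up).
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: constructed-sample-alias
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=Example Publisher (constructed)

*******************************************

Alias name: constructed-root
Creation date: Jan 1, 2020
Entry type: trustedCertEntry

Owner: CN=Example Root (constructed)
"""

def signing_alias(listing):
    """Return the alias of the single PrivateKeyEntry that carries a chain."""
    keys = []
    # Each keystore entry starts with an "Alias name:" line.
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        alias = block.splitlines()[0].strip()
        kind = re.search(r"(?m)^Entry type: (\S+)", block)
        chain = re.search(r"(?m)^Certificate chain length: (\d+)", block)
        if kind and kind.group(1) == "PrivateKeyEntry":
            keys.append((alias, int(chain.group(1)) if chain else 0))
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key entry, found {len(keys)}")
    alias, chain_len = keys[0]
    # Assumption: a CA-issued certificate has at least its issuer in the chain.
    if chain_len < 2:
        raise ValueError("only the leaf certificate is present; re-export the PFX with all certificates")
    return alias

if __name__ == "__main__":
    # Usage: set KS_PASS in the environment, then: python find_alias.py YourKeystoreFileName
    cmd = ["keytool", "-list", "-v", "-keystore", sys.argv[1], "-storepass:env", "KS_PASS"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    print(signing_alias(out))
```

The printed alias is the value to pass as YourAliasString in Step 5.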