1. Once the certificate is collected by your browser, export it along with its private key, "include all certificates in the certification path if possible" and "export all extended properties". The exported file will be .PFX or .P12 format. ( Refer the following articles for exporting the PFX/P12 file. )
Export Certificates (Windows)
Exporting Certificates (MAC)
2. Make sure the latest version of JDK is installed.
3. Retrieve the Alias Name from your .PFX file:
keytool -list -v -storetype pkcs12 -keystore mycertificate.pfxIn the output, you will see the Alias name. ( The Alias name is usually the string up to the first comma before the date ). Copy this Alias name.
4. Sign the JAR using the following syntax:
jarsigner -storetype pkcs12 -keystore mycertificate.pfx -tsa http://timestamp.comodoca.com/rfc3161 -digestalg SHA-256 file.jar "aliasname"
-digestalg can be whatever digest algorithm you choose, though SHA-1 and SHA-256 are common choices.
5. You can verify the jar has been signed with the following syntax:
jarsigner -verify -verbose -certs YourJarName.jar
Note: Timestamping with Jarsigner requires timestamps that comply with RFC 3161 (Time Stamping Protocol) so use the timestamp URL http://timestamp.comodoca.com/rfc3161 with Jarsigner.