Signing a Java application (JRE) with a certificate helps avoid security warning messages and reassures customers. The procedure is quite simple: buy a "Code Signing Certificate for Java" from Symantec / DigiCert, GlobalSign, GoDaddy or another authority and use this certificate to sign the jar files. To receive a new code signing certificate or renew an existing one, you must generate a CSR (Certificate Signing Request).
The objective is to avoid this type of error when launching a Java application:
This tutorial explains how to generate a CSR file to request a Java Code Signing certificate, which is used to sign Jar files and secure an application based on Oracle Java or OpenJDK.
Prerequisites: a JDK (Java Development Kit) installed on the workstation that will run the commands. It does not need to be a developer's PC. Here, a Windows workstation is used.
Generate a keystore and a CSR for a Java Code Signing certificate
1. Open a Command Prompt as Administrator to avoid write-permission problems on the disk.
2. Change to a working folder, for example: cd C:\certificate
3. Run the following command to generate a key pair stored in a Java keystore.
keytool -genkey -keyalg rsa -keystore <keystore_name> -alias <alias_name> -keysize 2048
For example, using the full path to the keytool executable in the JDK installation folder:
"C:\Program Files\Java\jdk1.8.0_201\bin\keytool.exe" -genkey -keyalg rsa -keystore keystore_csr -alias alias_csr -keysize 2048
4. Choose a password to protect the keystore file and confirm it:
Enter the password for the key file:
Re-enter the new password:
5. Answer all the questions asked:
Enter the password for the key file:
Re-enter the new password:
What are your first and last names?
[Unknown] : Jean Dupont
What is the name of your organizational unit?
[Unknown] : IT
What is the name of your company?
[Unknown] : SOCIETE
What is the name of your city of residence?
[Unknown] : Paris
What is the name of your state or province?
[Unknown] : IDF
What is the two-letter country code for this unit?
[Unknown] : FR
Is CN=Jean Dupont, OU=IT, O=SOCIETE, L=Paris, ST=IDF, C=FR correct?
[no] : yes
6. Enter a password for the key:
Enter the key password for <alias_csr> (press Enter if this is the password for the key file):
Re-enter the new password:
7. Still in the command prompt, generate the CSR file from the keystore:
keytool -certreq -keystore <keystore_name> -alias <alias_name> -file <csr_name>.csr
For example:
"C:\Program Files\Java\jdk1.8.0_201\bin\keytool.exe" -certreq -keystore "C:\certificate\keystore_csr" -alias alias_csr -file "C:\certificate\newcsr.csr"
8. Confirm the password.
9. Two files have been created in the specified folder. Send the .csr file to the certificate authority to create or renew a Java Code Signing certificate.
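The same procedure (steps 3 to 9) as a script with a verification step before the CSR is sent, as an added example that is not part of the original tutorial. It assumes a PowerShell session, reuses the tutorial's sample path, alias and subject values, and passes the subject with -dname instead of answering the questions interactively.

```powershell
# Added example: path, alias and subject are the tutorial's sample values.
$keytool  = 'C:\Program Files\Java\jdk1.8.0_201\bin\keytool.exe'
$workDir  = 'C:\certificate'
$keystore = Join-Path $workDir 'keystore_csr'
$csr      = Join-Path $workDir 'newcsr.csr'
$alias    = 'alias_csr'
$dname    = 'CN=Jean Dupont, OU=IT, O=SOCIETE, L=Paris, ST=IDF, C=FR'

if (-not (Test-Path $keytool)) { throw "keytool not found at $keytool" }

# Refuse to reuse an existing keystore file: it may already hold the
# private key of a certificate that is still in use.
if (Test-Path $keystore) { throw "$keystore already exists; pick another name" }
New-Item -ItemType Directory -Force -Path $workDir | Out-Null

# No -storepass / -keypass on the command line: keytool prompts for them,
# so the password does not appear in command history or process listings.
& $keytool -genkeypair -keyalg RSA -keysize 2048 `
    -keystore $keystore -alias $alias -dname $dname
if ($LASTEXITCODE -ne 0) { throw 'Key pair generation failed' }

# Build the CSR from the key pair stored under the alias.
& $keytool -certreq -keystore $keystore -alias $alias -file $csr
if ($LASTEXITCODE -ne 0) { throw 'CSR generation failed' }

# Decode the CSR and confirm it carries the intended subject before it
# goes to the certificate authority.
$decoded = & $keytool -printcertreq -file $csr
$decoded
if (-not ($decoded | Select-String -SimpleMatch $dname)) {
    throw "CSR subject does not match '$dname'"
}

# Show the keystore entry so the key algorithm and size can be reviewed.
& $keytool -list -v -keystore $keystore -alias $alias
```

Only the .csr file goes to the certificate authority. The keystore holds the private key, so keep it and its password: the certificate returned by the authority has to be imported into this same keystore.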