Ask a Question

Solution ID : SO22646

Error: "Invalid sha1 signature file digest for" when verifying a Jar file

Problem

Users receive the error:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for org/apache/log4j/net/DefaultEvaluator.class

when running the command jarsigner -verify -verbose -certs your-jar-file

Solution

To resolve this error, resign your jar file by running the following command:

jarsigner -keystore mykeystore -digestalg SHA1 your-jar-file youralias

Note: We added the parameter -digestalg SHA1

Once signed, verify your signature again by following command:

jarsigner -verify -verbose -certs your-jar-file