When signing Java files with jarsigner, using a DigiCert® Software Trust Manager certificate created with Java keytool, the “jar signed” success message may include a warning: “The signer’s certificate is self-signed.”
If the keystore that contains the signing certificate also contains the CA certificate from your DigiCert ONE account (this can be confirmed by viewing the keystore contents using “keytool list -keystore ‘path to keystore file’ “, to see if the CA certificate is listed), this error is due to some versions of keytool erroneously marking the certificate as self-signed during creation.
This can be remedied by creating a new certificate from the same key pair, either within the DigiCert ONE account interface in your browser or by using the DigiCert® Software Trust Manager client tools in command line.
The newly created certificate’s chain should be recognized, which eliminates the self-signed certificate warning in jarsigner.
For additional assistance, contact DigiCert PKI Support.