Knowledge Base

Scenario

When signing Java files with jarsigner, using a DigiCert® Software Trust Manager certificate created with Java keytool, the “jar signed” success message may include a warning: “The signer’s certificate is self-signed.”

Solution

If the keystore that contains the signing certificate also contains the CA certificate from your DigiCert ONE account (this can be confirmed by viewing the keystore contents using “keytool list -keystore ‘path to keystore file’ “, to see if the CA certificate is listed), this error is due to some versions of keytool erroneously marking the certificate as self-signed during creation.

This can be remedied by creating a new certificate from the same key pair, either within the DigiCert ONE account interface in your browser or by using the DigiCert® Software Trust Manager client tools in command line.

The newly created certificate’s chain should be recognized, which eliminates the self-signed certificate warning in jarsigner.

For additional assistance, contact DigiCert PKI Support.