Jarsigner signing with a token on Linux

Solution ID : TL28
Last Modified : 07/17/2024

Process

1. Locate the libeTPkcs11.so library by running the following command:

find / -name libeTPkcs11.so    

Note: This location will be needed later.

2. Locate jarsigner with the following command:

find / -name jarsigner

3. Go to the jarsigner directory:

cd "/JarSigner/Directory"

4. Run the following command to open a text editor in the terminal:

sudo nano

5. Enter the following in nano to create your eToken.cfg file, replacing Path/to/libeTPkcs11.so with the location found in step 1:

name=eToken
library="Path/to/libeTPkcs11.so"

6. Save the text file and name it "eToken.cfg", then press Enter.

Note: If prompted to confirm, press Y. Press Ctrl+X to exit Nano.

7. Obtain your certificate alias with the following command:

keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
 

8. Your alias will be the highlighted portion of the output example below.


9. Sign with the following command:

jarsigner -keystore NONE -storetype PKCS11 -tsa http://timestamp.digicert.com -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /path/to/test.jar "certificateAlias"


Troubleshooting:

java.security.KeyStoreException: PKCS11 not found

Add the following line to your eToken.cfg file, save it, and try again:

slot=0

If it fails, increment the number by 1 (slot=1, then slot=2), saving and trying again after each change. The slot dictates where jarsigner is supposed to find the token. It will generally be slot 0-4.
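The steps above, together with the slot probing described under Troubleshooting, can be scripted. The following is an added example, not DigiCert's own script: the function names and the argument order are assumptions, while the keytool and jarsigner options are the ones from steps 7 and 9. It goes one step beyond the procedure by verifying the JAR after signing.

```shell
#!/bin/sh
# Added example, not DigiCert's script. Function names are hypothetical;
# the keytool/jarsigner options are the ones from steps 7 and 9.

# Write eToken.cfg. A relative library path is refused so the config
# does not depend on the working directory.
write_cfg() {  # usage: write_cfg LIB SLOT CFG
    case "$1" in
        /*) ;;
        *) echo "library path must be absolute: $1" >&2; return 1 ;;
    esac
    printf 'name=eToken\nlibrary="%s"\nslot=%s\n' "$1" "$2" > "$3"
}

# Try slots 0-4 (the range given under Troubleshooting) until keytool can
# list the token. Prints the working slot; the listing goes to stderr.
find_slot() {  # usage: find_slot LIB CFG
    for slot in 0 1 2 3 4; do
        write_cfg "$1" "$slot" "$2" || return 1
        if keytool -list -keystore NONE -storetype PKCS11 \
            -providerclass sun.security.pkcs11.SunPKCS11 \
            -providerArg "$2" >&2; then
            echo "$slot"
            return 0
        fi
    done
    echo "no token found in slots 0-4" >&2
    return 1
}

# Sign with the timestamp authority from step 9, then verify the result.
# -strict makes the exit code reflect severe verification warnings.
sign_and_verify() {  # usage: sign_and_verify CFG JAR ALIAS
    jarsigner -keystore NONE -storetype PKCS11 \
        -tsa http://timestamp.digicert.com \
        -providerClass sun.security.pkcs11.SunPKCS11 \
        -providerArg "$1" "$2" "$3" || return 1
    jarsigner -verify -strict "$2"
}

# Runs only when called as: script.sh LIB JAR ALIAS
if [ "$#" -eq 3 ]; then
    slot=$(find_slot "$1" eToken.cfg) || exit 1
    echo "token found in slot $slot" >&2
    sign_and_verify eToken.cfg "$2" "$3"
fi
```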