1. Once the certificate is located in the browser, export it with the private key, include all of the certificates, and export all extended properties. A password is required. The exported file will be in .PFX format. See http://codesigning.ksoftware.net/export for export instructions.


2. Make sure the most current version of JDK is installed.


3. Create a .bat file and run the following commands:


keytool.exe -importkeystore -srckeystore YourExportedCertificateFileName.pfx -srcstoretype pkcs12 -destkeystore YourKeystoreFileName -deststoretype JKS


YourKeystoreFileName will be created.


4. Get the alias value assigned by Sectigo by running the following command (it is also displayed in Step 3).


keytool.exe -list -storepass YourPassword -keystore YourKeystoreFileName -v


(where YourPassword is the password you entered in Step 3)



5. Sign the JAR using the following syntax:


jarsigner.exe -keypass YourKeyPassword -keystore YourKeystoreFileName -storepass YourStorePassword -tsa http://timestamp.comodoca.com/rfc3161 -digestalg SHA-1 YourJarName.jar YourAliasString


The password is the value specified in Step 3 above. Note that your key and store passwords could be different.


Note: -digestalg can be whatever digest algorithm you choose, though SHA-1 and SHA-256 are common choices.


6. You can verify the jar has been signed with the following syntax:


jarsigner.exe -verify -verbose -certs YourJarName.jar



Timestamping with Jarsigner requires timestamps that comply with RFC 3161 (Time Stamping Protocol), so use the timestamp URL http://timestamp.comodoca.com/rfc3161 with Jarsigner.
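As a complement to Steps 5 and 6, the following added example (not part of the original article or any Sectigo tooling) reads a signed JAR's META-INF entries and reports which digest algorithm the -digestalg choice actually produced. The function names, the sample JAR contents and the "weak" list (MD2, MD5, SHA-1) are assumptions of this example; it only inspects metadata, so jarsigner -verify is still needed to check the signature itself.

```python
import io
import re
import zipfile

# Matches "SHA-256-Digest:", "SHA1-Digest:", "SHA-256-Digest-Manifest:", ...
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+?)-Digest(?:-[A-Za-z-]+)?:", re.MULTILINE)
SF_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.IGNORECASE)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)
WEAK = {"MD2", "MD5", "SHA1"}  # assumption: this example's policy, hyphens removed


def summarize_signed_jar(jar_bytes):
    """List signature files and digest algorithms; does NOT verify the signature."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        sf_files = [n for n in names if SF_FILE.match(n)]
        blocks = [n for n in names if SIG_BLOCK.match(n)]
        algs = set()
        for name in ["META-INF/MANIFEST.MF"] + sf_files:
            if name in names:
                text = jar.read(name).decode("utf-8", errors="replace")
                algs.update(a.upper() for a in DIGEST_ATTR.findall(text))
    return {
        "signed": bool(sf_files and blocks),
        "digests": sorted(algs),
        "weak": sorted(a for a in algs if a.replace("-", "") in WEAK),
    }


def build_sample_jar(digest_name):
    """Constructed sample: JAR-shaped ZIP with placeholder (invalid) signature files."""
    manifest = ("Manifest-Version: 1.0\r\n\r\nName: Hello.class\r\n"
                f"{digest_name}-Digest: cGxhY2Vob2xkZXI=\r\n\r\n")
    sig_file = ("Signature-Version: 1.0\r\n"
                f"{digest_name}-Digest-Manifest: cGxhY2Vob2xkZXI=\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SIGNER.SF", sig_file)
        jar.writestr("META-INF/SIGNER.RSA", b"placeholder, not a PKCS#7 block")
        jar.writestr("Hello.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    for alg in ("SHA-1", "SHA-256"):
        print(alg, summarize_signed_jar(build_sample_jar(alg)))
```

To inspect a real file, pass its bytes, for example summarize_signed_jar(open("YourJarName.jar", "rb").read()).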