1. Once the certificate is in located in the browser, export the certificate with the private key and include all of the certificates and export all extended properties. A password is required. The exported file will be .PFX format. Check http://codesigning.ksoftware.net/export for export instructions.
2. Make sure the most current version of JDK is installed.
3. Create a .bat file and run the following commands:
keytool.exe -importkeystore -srckeystore YourExportedCertificateFileName.pfx -srcstoretype pkcs12 -destkeystore YourKeystoreFileName -deststoretype JKS
YourKeystoreFileName will be created.
4. Get the alias value assigned by Sectigo by running the following command (it is also displayed at Step 3).
keytool.exe -list -storepass YourPassword -keystore YourKeystoreFileName -v
(Where YourPassword is what you entered in performing Step 3)
5. Sign the JAR using the following syntax:
jarsigner.exe -keypass YourKeyPassword -keystore YourKeystoreFileName -storepass YourStorePassword -tsa http://timestamp.comodoca.com/rfc3161 -digestalg SHA-1 YourJarName.jar YourAliasString
Password is the value specified in step3 above. Note your key and store password could be different.
Note : -digestalg can be whatever digest algorithm you choose, though SHA-1 and SHA-256 are common choices.
6. You can verify the jar has been signed with the following syntax:
jarsigner.exe -verify -verbose -certs YourJarName.jar
Timestamping with Jarsigner requires timestamps that comply with RFC 3161 (Time Stamping Protocol) so use the timestamp URL http://timestamp.comodoca.com/rfc3161 with Jarsigner.