We sign our .net code with a .PFX cert file. A colleague now needs to use the the same cert to sign a .jar file for a customer.

Can someone point me to a link or an example of how I can do this please?

The jar file will be used on Oracle Web Logic Server running on Solaris.

And, once signed do we need to send out anything other signed jar file?

Thanks.

From here :

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1072

Check if you can see the certs

-> keytool -list -v -storetype pkcs12 -keystore file.pfx 

Note the alias.

If it can: -> jarsigner -storetype pkcs12 -keystore file.pfx myjar.jar alias

That's all there is to it.

To verify the signature of the file...

-> jarsigner -verify JAR_FILE 

Where JAR_FILE is the file to be signed.