Sign a JAR File

Process services require that you digitally sign your custom step processor Java ARchive (JAR) file with either a Netscape Object Signing Certificate or a Sun Java Object Signing Certificate. (The Netscape Object Signing Certificate is recommended).

Developers who create custom step processors can obtain a digital certificate to sign their JAR files from either VeriSign Inc. (http://digitalid.verisign.com/developer/nos_pick.htm) or Thawte Consulting (http://www.thawte.com/). (The default JAR files are signed with a Netscape Object Signing Certificate.) Custom signing has been tested in custom step processor JAR files with this type of certificate. With a single certificate, developers can create and sign as many custom step processor JAR files as needed.

Note If you use the out-of-the-box Java Step Processors without modifying them, you can use the default VeriSign certificate provided by FileNet. This certificate must be annually renewed (as of July 31st).

Signing a Java ARchive (JAR) File

The following procedure describes how to create a JAR file signed with the Netscape Object Signing Certificate, using the Netscape signing tool (signtool). For additional information, see the Netscape Developer's Site (http://developer.netscape.com/software/signedobj/jarpack.html).

Note If you purchase a Sun Java Object Signing Certificate, you must use the Sun Microsystems JAR signing tool: jarsign. In this case, you will have to use a different procedure from that provided below. (Sun offers an on-line tutorial demonstrating how to use the jarsign tool at http://java.sun.com/docs/books/tutorial/jar/sign/index.html.)

  1. Create a new directory on the your development system. (For example, C:\certificate.)
  2. Copy the files supplied by VeriSign or Thawte to the new directory.
  3. Create a second new directory. (For example, C:\Sign.)
  4. Copy the contents of the files to include in the JAR file to the second directory. (For example, C:\Sign.) Make sure you include the MANIFEST.MF file in a META-INF subdirectory of the second newly created directory. (For example, you would place the MANIFEST.MF file in the C:\Sign\META-INF directory.)
  5. Open a command Prompt, and change to the directory directly above your C:\sign directory. (For example, C:\.)
  6. Enter a command similar to the following:

C:\certificate\signtool -d"C:\certificate" -k"<Your_company_name>" -Z"<Your_jar_file_name>" -p"<Your_password>" sign

where <Your_company_name> is replaced by the company name as stated by your certificate provider, <Your_jar_file_name> is replaced by the name you wish to give the JAR file, <Your_password> is replaced by your password supplied by your certificate provider, and sign is the name of the directory containing the files your wish to have in the signed JAR file.

  1. Once signtool finishes, verify that the JAR was signed properly by entering the following command:

C:\certificate\signtool -d"C:\certificate" -w Your_jar_file_name

where <Your_jar_file_name> is replaced by the name you wish to give the JAR file.