Code Signing for JavaDigitally Sign .jar Files and Java Apps
GlobalSign Code Signing Certificates for Java are used to sign .jar files and Java applications for desktop and mobile devices and are recognized by Java Runtime Environment (JRE).
Digitally signing your .jar files and Java applications protects your code against tampering and binds your identity to the code, assuring end users that the code originated with you and can be trusted. Security warnings that appear when downloading unsigned code are removed.
- Removes "Unknown Publisher" security warnings when code is downloaded
- Signature does not expire due to timestamping service
- Unless you’re adding additional code to your application, a new signature will not need to be applied even if the certificate used to initially sign the code expires.
- Sign an unlimited number of apps
- Protect your brand and reputation
- You will need to generate your Certificate Signing Request (CSR) before starting the application process. For help with this, please consult our Java Code Signing guide.
Enrollment Process - Vendors & Organizations
- Click buy now or renew to begin the enrollment process.
- Complete all the steps in the GlobalSign online application wizard.
- If an optional email address is used in the certificate details, you will receive a system generated email to validate the address.
- GlobalSign will then verify the information provided in your application via third party sources. Please allow two to three business days for this step.
- If we are able to confirm the information you provided, a vetting agent will contact you by phone to confirm your order. If we are not able to confirm your information, a vetting agent will contact you to gather more information.
- You will receive an email at the address provided in your application with a link to download and install your Code Signing Certificate.
Why Sign Code?
Add an essential level of trust to the application installation process. The solution is simple – Sign your code!
Unsigned Java applications display warnings to the end user that the digital signature cannot be verified by a trusted source and advises they only continue with the install if they trust the origin of the application.
Scary security alerts are removed when the Java application is signed. End users can clearly see the publisher of the file and are informed that the digital signature has been verfied by a trusted source.