Java Code Signing Cert as Authenticode Cert

Hasn’t it always just seemed wrong that you have to buy both an Authenticode and a Java Code Signing certificate? That might just be a thing of the past.

There’s a very thorough guide here that describes how you can convert a Java cert to an Authenticode cert.

The link to download the needed tools is broken, but I found it somewhere else:

This procedure worked for me and produced an Authentocde certificate, but my certificate was not immediately trusted by Windows. My certificate was obtained from GlobalSign and they used an intermediary certificate to sign this certificate. To make Windows trust this certificate the intermediary certificate must be included in the PKCS12 file as well.

To do this you can download a copy of the intermediary certificate from here:

The file is in the binary form, so convert it to X509 like this: openssl x509 -inform der -in sureobject.crt -out sureobject.pem

Then edit the jks2pfx.bat file and on the line that starts “openssl pkcs12″ add to the end: -certfile sureobject.pem

Run jks2pfx.bat again with the necessary arguments, enter the password you want to use, then open the PFX file to import the certificate and private key into your Windows certificate store.

You should be ready to start signing.

Leave a Reply