Set up AWS CloudHSM keys and certificates with Jarsigner

Before you can sign AWS CloudHSM JAR files with Jarsigner, make sure you have set up or completed the following steps:

Follow the guidance in the AWS CloudHSM Key store prerequisites .
Set up your signing keys and the associated certificates and certificate chain which should be stored in the AWS CloudHSM key store of the current server or client instance. Create the keys on the AWS CloudHSM and then import associated metadata into your AWS CloudHSM key store. Use the code sample in Registering Pre-existing Keys with AWS CloudHSM Key Store to import metadata into the key store. If you want to use keytool to set up the keys and certificates, see Create new AWS CloudHSM keys with keytool. If you use multiple client instances to sign your JARs, create the key and import the certificate chain. Then copy the resulting key store file to each client instance. If you frequently generate new keys, you may find it easier to individually import certificates to each client instance.
The entire certificate chain should be verifiable. For the certificate chain to be verifiable, you may need to add the CA certificate and intermediate certificates to the AWS CloudHSM key store. See the code snippet in Sign a JAR file using AWS CloudHSM and Jarsigner for instruction on using Java code to verify the certificate chain. If you prefer, you can use keytool to import certificates. For instructions on using keytool, see Using Keytool to import intermediate and root certificates into AWS CloudHSM Key Store.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Use key store with jarsigner

Sign a JAR file