Question

I have a few Eclipse plugins that are part of a feature. We would like to apply code signing to these plugins when the update site is updated.

I can see the JAR Signing tab when exporting an individual plugin, but I can't see anything similar in my update site project settings.

Also, the tutorials that I have read are using self-signed certificates. Can anyone point me towards instructions for using Verisign certificates (i.e. *.pfx files)?

Can anyone help?

Thanks, Alan

Edit: I have marked Kane's response as the answer because it is very similar to the steps that I took and was an inspiration. I actually followed these instructions to sign the jars because it was based on pfx files: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1072

Step 1: Run the following command to view details about the certificate (substituting the filename with your own):

keytool -list -v -storetype pkcs12 -keystore [Filename].pfx

Step 2: Scroll to the top of the output and take a note of the Alias name value.

Step 3: Sign each jar file using the following command (substituting the filenames and alias name for your own):

jarsigner -storetype pkcs12 -keystore [Filename].pfx [Filename].jar "[AliasName]"

I now need to come up with a way of managing / automating the process.
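One way to automate the three keytool/jarsigner steps above over a whole update site, as an added example (not the asker's script and not part of the linked Comodo article): it reads the alias out of the keytool listing instead of eyeballing it, signs every jar under plugins/ and features/, adds an RFC 3161 timestamp so the signatures outlive the certificate, and checks that jarsigner actually reports the jar as verified. The site layout, the TSA URL, the PFX_PASSWORD variable name and the sample keytool output in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the asker's or Kane's code): sign every plugin and
# feature jar of an Eclipse update site straight from a .pfx (PKCS#12)
# file with jarsigner, timestamp it, and verify the result.
# Assumptions: the update-site layout (plugins/ and features/), the TSA
# URL, and the PFX_PASSWORD environment variable.
set -eu

# Timestamping keeps signatures valid after the signing cert expires.
# Placeholder URL: use the timestamp authority your CA documents.
TSA_URL="${TSA_URL:-https://timestamp.example.com/tsa}"

# Pull the first "Alias name:" value out of `keytool -list -v` output
# (step 2 of the procedure, without scrolling through the listing).
parse_alias() {
    sed -n 's/^[[:space:]]*Alias name:[[:space:]]*//p' | head -n 1
}

# Count private-key entries in the same listing: a code-signing .pfx
# should hold exactly one, otherwise "the" alias is ambiguous.
count_key_entries() {
    grep -c 'Entry type: PrivateKeyEntry' || true
}

# Alias of the signing key inside a .pfx (needs keytool on PATH).
# The password comes from the PFX_PASSWORD variable via -storepass:env,
# so it never shows up in `ps` output or shell history.
pfx_alias() {  # $1 = pfx path
    listing=$(keytool -list -v -storetype pkcs12 -keystore "$1" \
                  -storepass:env PFX_PASSWORD)
    n=$(printf '%s\n' "$listing" | count_key_entries)
    [ "$n" -eq 1 ] || { echo "expected 1 private key entry, found $n" >&2; return 1; }
    printf '%s\n' "$listing" | parse_alias
}

# Sign one jar in place (step 3) and insist that jarsigner reports it
# verified: `jarsigner -verify` exits 0 even for an unsigned jar, so the
# exit status alone proves nothing and the text has to be checked.
sign_jar() {  # $1 = jar, $2 = pfx path, $3 = alias
    jarsigner -storetype pkcs12 -keystore "$2" -storepass:env PFX_PASSWORD \
        -tsa "$TSA_URL" "$1" "$3"
    jarsigner -verify "$1" | grep -q 'jar verified' \
        || { echo "verification failed: $1" >&2; return 1; }
}

# Sign every jar under plugins/ and features/ of an update site.
sign_update_site() {  # $1 = site dir, $2 = pfx path
    alias=$(pfx_alias "$2")
    for jar in "$1"/plugins/*.jar "$1"/features/*.jar; do
        [ -f "$jar" ] || continue   # glob matched nothing
        echo "signing $jar as $alias"
        sign_jar "$jar" "$2" "$alias"
    done
}

# Usage: PFX_PASSWORD=... ./sign-site.sh <update-site-dir> <file.pfx>
if [ "$#" -eq 2 ]; then
    : "${PFX_PASSWORD:?set PFX_PASSWORD in the environment}"
    export PFX_PASSWORD
    sign_update_site "$1" "$2"
fi
```

Run it after the update site has been exported and before it is published; re-running it on already-signed jars simply re-signs them. Because the password is passed with `-storepass:env`, the script can be dropped into a build job that injects PFX_PASSWORD as a secret rather than baking it into the command line.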


Solution

The update site project doesn't provide any capability to sign the jars. Signing jars is a pure Java concept; you could use the signtool from the JDK to do it.

If you want to sign your jars using the certificate for Windows code signing, you could refer to this blog post.

In my successful experience, I first convert the pfx to a JKS-format keystore, then call the command below in Ant:

<signjar sigfile="MyCompany" alias="${sign.alias}" keystore="${sign.keystore}" storepass="${sign.storepass}" keypass="${sign.keypass}" tsaurl="https://timestamp.geotrust.com/tsa" preservelastmodified="true">
Licensed under: CC-BY-SA with attribution