The instructions are found at: https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=AR185 and should be read in concert with the instructions here before trying to proceed.

The initial steps are done on a development PC using a program called keytool.exe which is part of the Java Development Kit (JDK). I did a search for files with this name so as to use the most recent one. In my case it was in "C:\Program Files\Java\jre1.8.0_122\bin"

  • Run the CMD.exe process as administrator due to where the files were located. In the CMD window do ... 
CD "C:\Program Files\Java\jre1.8.0_122\bin"

keytool.exe -genkeypair -keyalg rsa -keystore HLKeystore -alias highline -keysize 2048
  • Asks for password for which I used h1ghl1n3
  • Asks for first and last name for which I entered - James Aiken
  • Asks for name of organizational unit for which I entered - Product Development
  • Organization - High Line Corporation
  • City or Locality - Markham
  • State or Province - Ontario
  • Two-Letter Country Code - CA
  • Shows the entries and asks for confirmation.
Wants a "key password" for the alias which I entered as the same as the keystore password.

The above creates a file called HLKeystore in the "C:\Program Files\Java\jre1.8.0_122\bin" folder.

Now to generate the Certificate Signing Request to be sent to Verisign: 

keytool.exe -certreq -file certreq.csr -keystore HLKeystore -alias highline
This generates a file called certreq.csr in the folder.

Next steps are as follows:

1. Begin the enrollment process for a Code Signing ID from the products and services section of the Symantec Web site. The renewal form gave me this as the URL to use this time:

https://trustcenter.websecurity.symantec.com/process/trust/search?orderNumber=711755732&application_locale=VRSN_US&newLanguage=en&om_ext_cid=ws_email_java90vh&mth=Jan_2017

There are a series of web pages to work through.

2. Copy the contents of the CSR and paste them directly into the Symantec enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended). - I used Notepad++

3. Work with Jackie or Aileen to enter all the information and the CSR into the Verisign Website and then waited for them to send the info back.

> could be a couple of days and likely be a phone call to Jackie to verify.

4. Received Order Approval email that has link to the Digital ID to be imported into the HLKeystore.

Prior instructions: 5. Copied the Certificate part of the email after the "Below is your certificate in pkcs7 format:" to a text editor and saved it as cert.p7b. 6. Copied the cert.p7b file to "C:\Program Files (x86)\Java\jre7\bin" folder (as Admin) and then (as Admin) opened a cmd window into that folder.

New instructions:

5. Followed the link and downloaded the zip file. Opened the "getting_started.txt" and read it/followed it's link. Took me to a page with the full instructions again. Zip file also has 2 folders:

  • PKCS7 - This is the one to be used.
  • X509

6. Copy the ssl_certificate.p7b file from the zip over to the C:\Program Files\Java\jre1.8.0_122\bin folder and then (as Admin) opened a cmd window into that folder.

7. Entered the following command: 

keytool -import -trustcacerts -keystore HLKeystore -alias highline -file ssl_certificate.p7b
entered password and certificate was installed into HLKeystore.

8. Zipped up and emailed the new HLKeystore to John and Dave to be used in the building (DD) of all EARs from here on in.

HighLine.Standard Operating Procedures

This page (revision-5) was last changed on 07-Feb-2017 13:22 by jaikenTop