I’m pretty new to the idea of timestamp-signing in general, but with support for this now part of the JDK (since v1.5) I’d really like to use this feature.
Assuming I’ve converted my code signing certificate to the correct format (p12) how can I now use that certificate to timestamp-sign my JAR files? Preferably I’d like to automate this using an ANT task (as I currently do without using timestamping features). My current syntax is very simple:
<signjar alias="ALIAS..." storepass="PASSWORD..." > <path> <fileset dir="dist" includes="**/*.jar" /> <fileset dir="dist" includes="*.jar" /> </path> </signjar>
The ANT documentation specifies a syntax for signing using timestamps as well: http://ant.apache.org/manual/CoreTasks/signjar.html
There is a parameter “tsaurl” which I presume should be set to the comodo timestamping server address, but it also asks for a parameter “tsacert” described as:
“alias in the keystore for a timestamp authority for timestamped JAR files in Java1.5+”.
can anyone tell me what I need to enter in this field?
Thanks in advance for any help with this!