Active Query Builder support area

How to sign Java applet?

Last modified:


How To Sign an Applet?
To run an applet in a web browser, you should sign it with digital certificate beforehand because applets are untrusted in the security architecture of all browsers by default.
Certificate authorities typically charge a fee for the service of validating their clients' credentials. However, for testing and demo purposes, you may create a self-signed certificate. The information given in a self-signed certificate has not been validated by a trusted third party. If you plan to distribute the applet widely, you should obtain a certificate that is validated by a trusted certificate authority. The procedure for this is beyond the scope of this tutorial.
  1. Make sure your applet is compiled to JAR file. The applet must be in a JAR file before a certificate can be attached to it. If the applet was previously referenced with the help of a 'codebase' attribute in the <applet> tag of the HTML file, replace the 'codebase' attribute with the 'archive' attribute. The value of the 'archive' attribute is the URL of a JAR file.
  2. Create a public/private key pair. The command for this is
    keytool -genkey	
    The keytool is SDK utility. It will prompt you for a password to your keystore and for the remaining parameters, one of which is an alias, whose value is the name of the key. The keystore is a file that contains your public/private key-pairs, and the public-keys of others with whom you exchange information.
  3. Create a certificate for the key you created in the previous step.
    keytool -selfcert	
    Again, the keytool will prompt you for a keystore password and remaining parameters. This certificate is now self-signed by you, meaning that it has not been validated by any third party.
  4. Run jarsigner to associate this certificate with the JAR file that contains your applet.
    jarsigner AppletDemo.jar mykey	
    mykey is the name of the public key of the certificate you just created. This creates a digest for each file in your JAR and signs them with your private key. These digests or hashes, the public key, and the certificate will all be included in the "META-INF" directory of the JAR file.

If you have some errors or require additional information about signing JAR files, please refer to this article: Signing JAR files.


Is this article helpful for you?