jarsigner: This jar contains entries whose certificate chain is not validated

java jarsigner

I have been having the same issue and if it can help others the problem is in how jarsigner finds the keystore.

In order to fix the issue do: 

jarsigner -verify -keystore xxxx.jks mysignedjar.jar

You are not missing anything and you are definitely not alone with this problem. After a struggle of almost 12 hours, I figured out that the root of the problem lies in mixing binaries from JDK 1.7 with an older version of Java such as JRE-1.6. To be more precise, keytool comes with JRE, while JDK ships with both keytool and jarsigner.

So, to resolve the issue, I have completely uninstalled JDK-1.7 from my system and installed JDK-1.6 Update 30. Now, if I would do jarsigner -verify -verbose -certs blah.jar it would produce jar verified without any warning which I believe is what you expect.


It's just a warning you can ignore.

If you really don't want to ignore it then tell jarsigner where your keystore is when you verify.

jarsigner -verbose -verify -keystore ${KEYSTORE_PATH} ${YOUR_JAR_FILE}

This is just a new feature in JDK 7.

Related

Convert StringCollection to List<String>
Configure cron job to run every 15 minutes on Jenkins
Changing font programmatically to System Semibold
Bash: evaluate a mathematical term?
Download history stock prices automatically from yahoo finance in python
psycopg2 TypeError: not all arguments converted during string formatting
Show line / separator view in SwiftUI
What are Containers/Adapters? C++
Call to undefined method PHP_CodeCoverage_Filter::getInstance()
DialogFragment and force to show keyboard
Error: [$compile:nonassign] Expression 'undefined' used with directive 'myFacebook' is non-assignable
java comparator, how to sort by integer?