Step 1: Download Signing Tools

If you have not already done so, download the Java 2 Software Development Kit (SDK). The latest version is available free of charge for the Solaris SPARC/x86, Linux86, and Microsoft Windows platforms from http://java.sun.com/javase/downloads/index.jsp

You will be using the keytool, jar, and jarsigner to apply for your Code Signing Digital ID and sign your code.

Step 2: Enrollment

Create a Keystore

To generate a public/private key pair, enter the following command, specifying a name for your keystore and an alias as well

keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>

Keytool prompts you to enter a password for your keystore, your name, organization, and address. The public/private key pair generated by keytool is saved to your keystore and will be used to sign Java Applets and applications. This key is never sent to Symantec and is required to sign code. Symantec encourages you to make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact Symantec immediately to have it revoked.

Generate a CSR

You need to generate a Certificate Signing Request (CSR) for the enrollment process.

The following command requests Keytool to create a CSR for the key pair in the keystore:

keytool –certreq –file certreq.csr –keystore <keystore_filename> -alias <alias_name>

Begin the enrollment process for a Code Signing ID from the products and services section of the Symantec Web site.
 
Copy the contents of the CSR and paste them directly into the Symantec enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).