Posted by ErmanArslansOracleBlog on Nov 28, 2021; 7:01pm
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/jar-signing-code-failed-tp10450p10458.html

Okay, I understand the need..

1) The CSR creation command you send in your last update is wrong. There should be an -alias argument.
keytool -sigalg SHA256withRSA -certreq -keystore <JRI_DATA_LOC>/adkeystore.dat -file <JRI_DATA_LOC>/adkeystore.csr -alias <alias_name>
2) adkeystore.crs is better.. -- you said adkeystore.crt
3)Don't you have a root certificate to import?
4)As for other certificates that might be needed; it depends your own certificate type ->

In general, only customers using their own in-house certificate authority will need to import their 'root certificate' into the Java public keystore, cacerts, therefore most users will probably not need to touch this keystore.

All users will need to import their 'Java code signing certificate' and if the certificate chain of trust includes them, any 'intermediate certificates' into the keystore, adkeystore.dat.

5)Note that -> Whenever you upgrade your jdk version on the server any additional certificates you have added to your cacerts file will be lost. You will need to re-import the root certificate or keep a copy of your original cacerts file which you can copy back in.

6) As I mentioned in my last update; check your CSR and check your coding certificate with your Security admin..  Ensure that no attribute value in the certificate obtained from a CA contains a problematic character. Actually, it is better to do a general control in signing process + the certificate produced by it.