To change jar expiry time

Question

I need to change expiry date of jar being signed by a certificate to say 30 days. Hence I execute in sequence (I provide relevant inputs for the first command). But in-spite of the -validity option being given as 30 days, the jarsigner command says the certificate expires after 6 months(which is default). How can I change this any idea ? Below is the list of commands i use

keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias

Answer 1

Your key has a validity of 30 days; the certificate that you are generating and signing with that key is not being specified, and so defaults to 180 days. It is the value of the -validity flag specified in the -selfcert command that is important here. I just tested this:

cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias

and when the browser popped up the dialog, I could verify that the expiration date was listed as today+30 days. jarsigner -verbose -certs -verify myApplet.jar is much more verbose, listing summary of the certificate and the key as well:

sm       697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 12/31/11 12:48 PM]

  X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
  [certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest

Where 12/31/11 is 30 days from my test now, and the other date is 90 days after I created the keystore, which I can verify with keytool -v -list -keystore myKeystore-TEST. The man page for keytool says 90 days is the default for keys.