Re-Sign a Content Archive

If the certificate you used to sign a content archive has expired, you can re-sign the content archive using a new certificate. The example in this section assumes that the JAR signing tool, content archive to re-sign, and keystore are located on the same system.

  1. On the system, open a command prompt and create a directory in which to extract the files from the content archive and go to that directory. For example, run the following commands:

    Linux:

    mkdir /tmp/contentarchive
    cd /tmp/contentarchive

  2. Extract the files from the content archive. For example, run the following command:

    Linux:

    /usr/bin/javac/bin/jar -xvf /tmp/SERVICE_OFFERING_2c9f4ab8b896014ac3520ca7016d.zip

  3. Remove the expired signature files. For example, run the following command:

    Linux:

    rm -rf META-INF

  4. Create a new content archive.

    Linux:

    /usr/bin/javac/bin/jar -cvf /tmp/SERVICE_OFFERING_2c9f4ab8b896014ac3520ca7016d_NEW.zip *

  5. Change to the JDK's bin directory. For example, go to:

    Linux:

    /usr/bin/javac/bin

  6. If you have access to the keystore, remove the expired certificate by running the following command:

    Linux:

    keytool -delete -keystore /tmp/.keystore_archive_signing -alias csa_archive
    -storepass <keystore_password>

  7. If you are using a certificate generated for you, get the keystore, keystore password, and alias to access the certificate. If you are using a self-signed certificate, follow the instructions in Locating or Creating a Keystore and Certificate to generate a new self-signed certificate.
  8. Re-sign the content archive. Follow the instructions in Signing the Content Archive to re-sign the content archive (use the new content archive name, SERVICE_OFFERING_2c9f4ab8b896014ac3520ca7016d_NEW.zip).