IMPORTANT NOTE: Oracle does not issue general code-signing certificates for applet or Web Start deployment. The process described here is only for obtaining certificates for use with the Java Cryptography Extensions (JCE) framework that require certificates issued by the JCE Certificate Authority (CA). Note that some OpenJDK implementations do not require a certificate.
A certificate received from this process will not work for anything other than authenticating JCE providers to the JCE framework (that is, the certificate will not work for deployment purposes.)
There are many third-party Java code-signing certificate providers available. To obtain a general code-signing certificate, please consult the major search engines using the terms:
To request a JCE code signing certificate, follow these steps:
Create an email message addressed to email@example.com. In the Subject line, enter the following:
Request a Certificate for Signing a JCE Provider
This exact subject line must be used or else the spam filters will not let the message through.
Ensure that the email message format is plain text and its character encoding is ASCII.
Include the following contact information in the body of your email message:
All of the above information is required.
It's recommended that the key pair used to generate this CSR uses RSA or DSA with 2048 or more bits.
For information about generating CSRs, see the following in the Java SE documentation of the release you're using:
keytoolcommand in JDK Tool Specifications or the
Attach the CSR to the email message or include it in the body of your email message. If your email application has an option for specifying the encoding format for attachments, select the MIME option.
Note: The CSR file is just a plain text file in Base64 encoding. Only the first and last lines are human-readable. For example:
-----BEGIN NEW CERTIFICATE REQUEST----- MIIC3jCCAcYCAQAwaTEdMBsGA1UEChM... ...deleted... -----END NEW CERTIFICATE REQUEST-----
Download and complete the Certification Form for CSPs, then scan it as a PDF or JPG file.
Attach the scan of the completed form to your email message.
Verify that your email message contains your contact information, CSR, and completed Certification Form for CSPs, then email it to firstname.lastname@example.org.
Once the JCE Code Signing Certification Authority receives your request, they will validate it and perform a background check. If this check passes, then they will create and sign a JCE code-signing certificate valid for 5 years. You will receive an email message containing two text certificates: the code-signing certificate and the JCE CA certificate, which authenticates the code-signing certificate's public key.
Allow ten business days from receipt of your request for processing.