Jarsigner: certificate chain not found for

Short Answer

Use your alias key instead of key store like this:

jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]

More Details

Here are the easiest way to solve this error:

  1. Go to bin folder .. it may be in this path:

C:\Users[Your computer name]\jdk\bin

or this path:

C:\Program Files\Java\jre1.8.0_77\bin

  1. To prevent issues caused by the configuration of environment variables, please copy both the empty package to be signed, and your key store [the private key for signature] to the bin directory under JDK.

  2. Get your alias key by run this command:

    keytool -keystore [your key store] -list -v

  3. Finally run this command:

    jarsigner -verbose -keystore [Your signature storage path] -signedjar [signed filename] [unsigned filename] [Your alias key]


I had this error, but it was a different issue. When you send off a CSR to a CA it comes from a particular private key with a particular alias that you generated. When you receive the cert back again you must import it using the same alias name or else the two certs will not be wired together.

If you have done it right, when you use keytool -list -v you wil see a single entry with the alias name, of type

Entry type: PrivateKeyEntry
Certificate chain length: 3

For the entry. If you have done it wrong the you will have two entries

Entry type: PrivateKeyEntry
Certificate chain length: 1

and

Entry type: trustedCertEntry

It seems that your keystore contains only a certificate (public key) you need a complete key entry, with a private key, and the whole certificate chain to be able to sign anything


I faced same issue. I am having .p12 file issued by CA and I was trying to sign jar file. However I was getting error:

jarsigner: Certificate chain not found for:

Basically I was copying alias name from console. It was having wrong character 'question mark' (?) causing this error. Instead I redirected output of keytool to text file and then I copied alias name from there.

  1. Issue this command:

    keytool -list -v -storetype pkcs12 -keystore "mycertificate.p12" > cert.txt

(This is very important. Always redirect to txt file. Do not copy from console output. It can contain wrong characters)

  1. Find out alias name in certificate. Open cert.txt and copy string as it is mentioned in front of "Alias name:"

Let's say this string is "my alias name, a.p.’s my ca limited id"

  1. Use jarsigner:

    jarsigner -storetype pkcs12 -keystore "mycertificate.p12" myjarfile.jar "my alias name, a.p.’s my ca limited id"