Signed jar file prematurely expires

I have attached the screenshots. Please check

Okay, thanks.

There are a couple things here:
1) Easy one - you need to import the root certificate chain for Thawte into your Java keystore.

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

2) The expiration issue - it says it expired in 2007.  Have you compared the serial number of the certificate to the one that you were sent by Thawte to make sure they are the same thing?

I assume you've done this, but just to be safe - have you checked the system clock to make sure that the time, date/year, etc. are correct?

Check the hardware clock in BIOS and make sure that is also correct.  Sometimes this happens if that was never updated, or if the CMOS battery needs to be replaced.  Check this on the server and on the client box.

Also, try unchecking the box for 'use daylight savings time' if that happens to be checked (even if it is correct) - make sure to re-launch your java app after making the change.

If this doesn't help - what is the host enviornment (windows/linux/etc. version)

If you are able to sign it, try applying a timestamp to it as well.  Some of the commercial cert vendors will offer this service as part of your code signing purchase - when the code signing cert expires the timestamp will still be valid so you dont' need to keep re-signing it every year or two.

Please let me explain you what I did:
I have exported the code signing cert from IE
Imported in Netscape Navigator, and exported it as .p12
Then I signed it as per the instructions in the attachment

Let me know, what I have done is correct

Not sure why you imported/exported from netscape if you had already exported from IE, but that shouldn't make any difference.  The .pfx file exported from IE (presuming you included the private key to import into netscape) is still a PKCS #12 file format.

Rest of it is looking good from a quick glance... As I mentioned before, you might want to seriously consider timestamping as well - even if the signature works as expected you need to re-sign it every year or two - with the timestamping you don't.   Here's the document on how to do that:
http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing-beta1.html

I have been using this url to timestamp while signing:

https://timestamp.verisign.com/scripts/timstamp.dll

Will this combination work?

jarsigner -tsa https://timestamp.verisign.com/scripts/timstamp.dll -storetype pkcs12 -keystore NewCert.p12 JavaVersionDisplayApplet.jar "RGS-CAD"

Raj

You're on the right track.  
Use -signedjar before the jar name.

Depending on specifics, that may be all you need.

You may need to include the path to the file in addition to the name, but I'm taking the above as an example anyways.  

There is a decent chance you may also need to include passwords for the P12 file, etc. if so use tags -keypass -storepass

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/jarsigner.html#Options

I tried,
F:\rrc\JavaVersionDisplayApplet>jarsigner -tsa https://timestamp.verisign.com/sc
ripts/timstamp.dll -storetype pkcs12 -keystore NewCert.p12 -signedjar JavaVersio
nDisplayApplet.jar "RGS-CAD"

I have set JDK1.6.0_12\bin into path variable prior to execute the above command.

I got only,
Usage: jarsigner [options] jar-file alias
       jarsigner -verify [options] jar-file

[-keystore <url>]           keystore location

[-storepass <password>]     password for keystore integrity

[-storetype <type>]         keystore type

[-keypass <password>]       password for private key (if different)

[-sigfile <file>]           name of .SF/.DSA file

[-signedjar <file>]         name of signed JAR file

[-digestalg <algorithm>]    name of digest algorithm

[-sigalg <algorithm>]       name of signature algorithm

[-verify]                   verify a signed JAR file

[-verbose]                  verbose output when signing/verifying

[-certs]                    display certificates when verbose and verifying

[-tsa <url>]                location of the Timestamping Authority

[-tsacert <alias>]          public key certificate for Timestamping Authority

[-altsigner <class>]        class name of an alternative signing mechanism

[-altsignerpath <pathlist>] location of an alternative signing mechanism

[-internalsf]               include the .SF file inside the signature block

[-sectionsonly]             don't compute hash of entire manifest

[-protected]                keystore has protected authentication path

[-providerName <name>]      provider name

[-providerClass <class>     name of cryptographic service provider's
  [-providerArg <arg>]] ... master class file and constructor argument

Not sure what I did wrong!

While signing, it asks for password which I did enter too!

I am sorry!, none of the solution(s) works for me!