Create a keystore, I started with a p12.

Find the alias for the imported p12, if needed.

Sign the jar with jarsigner:

> jarsigner -keystore keystore.jks myjartosign.jar “my alias in the keystore” -tsa “www.example-tsa.com”

You will get an warning if you don’t use a url to a tsa. I googled my certificate authority and looked up their tsa on their knowledge base.

In my case I used Comodo, and their tsa is “http://timestamp.comodoca.com/rfc3161“.