Find the alias for the imported p12, if needed.
Sign the jar with jarsigner:
> jarsigner -keystore keystore.jks myjartosign.jar “my alias in the keystore” -tsa “www.example-tsa.com”
You will get an warning if you don’t use a url to a tsa. I googled my certificate authority and looked up their tsa on their knowledge base.
In my case I used Comodo, and their tsa is “http://timestamp.comodoca.com/rfc3161“.