Error: "Invalid sha1 signature file digest for" when verifying a Jar file

Solution ID:    SO22646    Updated:    05/02/2016


Users receive the error:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for org/apache/log4j/net/DefaultEvaluator.class

when running the command jarsigner -verify -verbose -certs your-jar-file


To resolve this error, resign your jar file by running the following command:

jarsigner -keystore mykeystore -digestalg SHA1 your-jar-file youralias

Note: We added the parameter -digestalg SHA1

Once signed, verify your signature again by following command:

jarsigner -verify -verbose -certs your-jar-file



Terms of use for this information are found in Legal Notices

Contact Support

Find Answers