I'm trying to sign my Android .apk using our company's code signing certificate that's in a .pfx. I'm able to convert the .pfx to a .jks fine (thanks to this answer) and can sign the .apk with it, but I saw from the Android publishing guide that the certificate should be valid until 22 October 2033. However, our code signing cert expires in 2 years.

So, is it possible to sign an .apk using a Java keystore (.jks) that's converted from a .pfx and be valid until 2033?

Ionian316
  • The KEY is only valid for 2 years. You need to get a key that is valid for longer. – cyroxis Apr 13 '16 at 18:43
  • The reason you need a long lasting key is that you have to sign your apk using the same key every time you update. Once your key expires, you will no longer be able to update your app. – Kuffs Apr 13 '16 at 18:54
  • @cyroxis So then it's not possible to use our code signing cert to sign the apk and be valid until 2033, correct? – Ionian316 Apr 13 '16 at 19:02
  • @Ionian316 Correct, my point is that a **signing** does not expire. When you sign an app with a key, that build/version of the app is signed with that key forever. But a **key** (think secret password) has an expiration date, after which point you should no longer trust the key. – cyroxis Apr 14 '16 at 13:26

1 Answer

> So, is it possible to sign an .apk using a Java keystore (.jks) that's converted from a .pfx and be valid until 2033?

You do not sign with a keystore. You sign with a key. And that key must expire no sooner than 22 Oct 2033. Since yours expires sooner, you need a new key to be able to sign your app.

Marcin Orlowski
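
A check that follows from the answer above, as an added example that is not part of the original thread: it reads the text printed by `keytool -list -v` and reports the aliases whose signing certificate expires before 22 October 2033. The function names and the sample keystore listing are constructed for illustration, and the time zone in each date is ignored.

```python
import re
from datetime import datetime

# Cut-off date from the Android publishing guide quoted in the question.
REQUIRED_UNTIL = datetime(2033, 10, 22)

# Validity line of `keytool -list -v` (English locale), for example:
# "Valid from: Wed Apr 13 18:43:00 UTC 2016 until: Fri Apr 13 18:43:00 UTC 2018"
_VALID = re.compile(
    r"^Valid from: .+? until: \w{3} (\w{3}) (\d{1,2}) (\d{2}:\d{2}:\d{2}) \S+ (\d{4})$")

def signing_cert_expiry(keytool_output):
    """Return {alias: expiry} using the first certificate of each entry.

    Certificate[1] is the signing certificate; later certificates in the
    chain belong to the issuing CAs and must not influence the result.
    """
    expiry, alias = {}, None
    for line in keytool_output.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        m = _VALID.match(line)
        if m and alias is not None and alias not in expiry:
            mon, day, clock, year = m.groups()
            expiry[alias] = datetime.strptime(
                f"{day} {mon} {year} {clock}", "%d %b %Y %H:%M:%S")
    return expiry

def too_short_lived(keytool_output, required=REQUIRED_UNTIL):
    """Aliases whose signing certificate expires before the required date."""
    found = signing_cert_expiry(keytool_output)
    return sorted(a for a, end in found.items() if end < required)

# Constructed sample: a two-year company certificate with a longer-lived CA
# certificate behind it, and a self-signed key created with a long validity.
SAMPLE = """\
Alias name: company-codesign
Certificate[1]:
Valid from: Wed Apr 13 18:43:00 UTC 2016 until: Fri Apr 13 18:43:00 UTC 2018
Certificate[2]:
Valid from: Tue Jan 01 00:00:00 UTC 2013 until: Fri Jan 01 00:00:00 UTC 2038
Alias name: app-release
Certificate[1]:
Valid from: Wed Apr 13 18:43:00 UTC 2016 until: Sun Aug 30 18:43:00 UTC 2043
"""

if __name__ == "__main__":
    for name, end in signing_cert_expiry(SAMPLE).items():
        print(name, end.date(), "too short" if end < REQUIRED_UNTIL else "ok")
```

The CA certificate in the sample outlives 2033, which is why only the first certificate of each entry is compared against the cut-off.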