docs/documentation/platform/pki/quick-starts/sign-first-code.mdx
Sign a Java JAR file using Infisical-managed keys in about 10 minutes. You'll issue a code signing certificate, create a signer, and sign your first artifact.
| Field | Value |
|-------|-------|
| Preset | Code Signing Certificate |
| Name | `code-signing` |
Then create a profile and issue a certificate following the same flow as the [Issue Certificate quick start](/documentation/platform/pki/quick-starts/issue-first-certificate), but using the `code-signing` policy.
Download the certificate — you'll need it for the signer.
| Field | Value |
|-------|-------|
| Name | `my-signer` |
| Certificate | Select the code signing certificate you just issued |
[Learn more about Signers →](/documentation/platform/pki/code-signing/signers)
Create a PKCS#11 config file (`pkcs11.cfg`):
```
name = Infisical
library = /path/to/infisical-pkcs11.so
```
```bash
jarsigner -keystore NONE -storetype PKCS11 \
-providerClass sun.security.pkcs11.SunPKCS11 \
-providerArg pkcs11.cfg \
your-app.jar "my-signer"
```
Your JAR file is now signed with your Infisical-managed key.
Verify the signature:
jarsigner -verify -verbose your-app.jar
You should see jar verified with details about the signing certificate.