How do you sign a FireFox .xpi add-on file using Jarsigner?

Does anyone know the secret to using Java's jarsigner.exe to sign a FireFox .xpi add on? I have seen a few references that seem to imply that this can be done successfully, but I can't get it to create an installable version of my .xpi file. I can sign it with jarsigner and the "verify" command

Can NSS Signtool.exe access signing certificate keys from an HSM?

We are trying to implement signing of xpi files using the NSS Signtool.exe. However, we need to access our certificate keys from our HSM server instead of having the keys installed in the local keystore on the signing machine. Does anyone have information on how to set this up and what the comm