diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 5f812206..699e03d4 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3272,24 +3272,36 @@ def get_first_signer_certificate(apkpath):
         not (certs_v3 or certs_v2) and get_effective_target_sdk_version(apkobject) < 30
     ):
         with zipfile.ZipFile(apkpath, 'r') as apk:
-            cert_files = [
-                n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)
+            cert_infos = [
+                i for i in apk.infolist() if SIGNATURE_BLOCK_FILE_REGEX.match(i.orig_filename)
             ]
-            if len(cert_files) > 1:
+            if len(cert_infos) > 1:
                 logging.error(
                     _("Found multiple JAR Signature Block Files in {path}").format(
                         path=apkpath
                     )
                 )
                 return
-            elif len(cert_files) == 1:
-                signature_block_file = cert_files[0]
+            elif len(cert_infos) == 1:
+                signature_block_info = cert_infos[0]
+                signature_block_file = cert_infos[0].orig_filename
                 signature_file = (
-                    cert_files[0][: signature_block_file.rindex('.')] + '.SF'
+                    signature_block_file[: signature_block_file.rindex('.')] + '.SF'
                 )
+                for info in apk.infolist():
+                    if info.orig_filename == signature_file:
+                        signature_info = info
+                        break
+                else:
+                    logging.error(
+                        _("Missing JAR Signature File in {path}").format(
+                            path=apkpath
+                        )
+                    )
+                    return
                 cert_v1 = get_certificate(
-                    apk.read(signature_block_file),
-                    apk.read(signature_file),
+                    apk.read(signature_block_info),
+                    apk.read(signature_info),
                 )
                 found_certs.append(cert_v1)
                 if not cert_encoded:
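Review bot: The new `for info in apk.infolist()` loop takes the first entry whose `orig_filename` equals `signature_file` and stops, so an APK with two `.SF` entries of the same name is accepted silently, while a duplicated signature block file is rejected a few lines earlier by the `len(cert_infos) > 1` check. Duplicate entries are ambiguous because different ZIP readers may pick different copies, so the `.SF` lookup should fail closed in the same way: `sf_infos = [i for i in apk.infolist() if i.orig_filename == signature_file]`, then `if len(sf_infos) != 1:` logging an error and returning, then `signature_info = sf_infos[0]`. A short comment above `cert_infos` would also help keep this from being reverted to `namelist()`, for example `# match on orig_filename and read via ZipInfo so the exact archive entry is used, not a name lookup`. `get_first_signer_certificate` begins and continues outside this hunk, so how callers treat the bare `return` is not visible here.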