(5 votes, average: 5.00 out of 5)Malware is the top security concern for 42% of CIOs and network engineers polled by Opengear at the end of 2023. In January 2024, the Network Resilience Coalition, a global group of cybersecurity experts and network and tech providers, addressed this concern (and many others) in their white paper “Protecting Network Resiliency.” One of the key recommendations for vendors was to sync their software development processes with the National Institute of Standards and Technology’s (NIST’s) Secure Software Development Framework (SSDF).
Jarsigner, when used with a publicly trusted code signing certificate, enables developers to digitally sign their Java applications in a way that proves the software’s authenticity and helps to protect its integrity. This is a fundamental step explicitly endorsed by NIST SSDF.
But to sign your code, you first need to know where Jarsigner.exe is located on your Windows, Linux, or macOS device. Do you know where to find it? We assume not, since you’re reading this article. So, let’s explore it together. Learn in our step-by-step guide how to locate Jarsigner in the three most common operating systems.
Let’s imagine you’ve just purchased a code signing certificate from a trusted certificate authority (CA) and set up your secure hardware token or the CA installed it on your existing hardware security module (HSM). Now, you’re ready to sign your Java code and publish it.
Before you do this, however, you first need to find Jarsigner on your workstation. The signing tool that comes embedded in the Java Development Toolkit (JDK) used to create Java applications. If you’ve installed JDK, then it’s just a matter of locating it on your system. But if you haven’t installed JDK yet, then keep reading because we’ll also cover how to install it on each type of operating system.
By default, Jarsigner is always installed in JDK’s bin folder. There are two ways to check if and where this software is saved on your Windows device.
This is the fastest method. It won’t only answer the question “Where is Jarsigner.exe located on my device?” but also indicate if it isn’t installed.
Does no path display when you try it? Don’t despair. Skip the next point and jump to the JDK installation instructions section.
Did you find it? Yeah! You can start signing your .jar files. You didn’t? That’s okay… you’ll learn how to install it in the section below.
If JDK (and consequently Jarsigner) aren’t installed on your machine, all you’ll have to do is follow the three steps listed in our guide “How to Install Jarsigner in Windows.”
Tip: When given the option, don’t change the default installation path (i.e., bin folder). Changing it will prevent you from asking “Where is Jarsigner.exe?” in the future.
Have installation issues? Check out Oracle’s JDK installation troubleshooting page.
Don’t forget to save Jarsigner’s location to your system by setting the path environment variable. This one-time operation will ensure that the Jarsigner command is always recognized by the command prompt, no matter which kind of Java file you’ll have to sign or verify.
Easy peasy, am I right?
Don’t you just love versatile tools that can be used on different platforms without hassle? I do. Jarsigner is one of them. So, let’s discover where Jarsigner has found its home within the Linux OS. In this demonstration, we’re using Linux Mint. However, the same process will work on all Linux operating systems, too.
If you, like me, didn’t change the default installation folder, something like this will be displayed:
Did the command not return a result (as shown in the example below)? Aha! This means JDK isn’t installed on your device. Let’s fix that issue right now.
Email Us
+1 (727) 291-0611
Chat Now
sudo dpkg -i jdk-XX_linux-x64_bin.debTip: Replace jdk-xx with the name of the JDK version you’ve downloaded.
Voila’! It’s done. You’ve now installed Jarsigner and JDK. Wondering where is Jarsigner located now? Run the whereis jarsigner command again to find it out.
Do you use a different Linux platform? Check out Oracle’s JDK installation guide.
Oh yes, our little Jarsigner is such a versatile tool. It works perfectly on macOS, too. And so will our code signing certificate and hardware token. So, just where is Jarsigner.exe’s den located on your Mac device?
If you installed JDK using the default installation path, you’ll find it in the usual JDK bin folder. To verify it:
If Jarsigner is already available on your Mac device, the terminal will display the path to the file. Usually, something similar to:
Computer\Mac OS X\Library\Java\JavaVirtualMachine\jdkx.x.x_xxx\Contents\Home\bin\jarsigner.No luck? Move on to the step below.
Download Java JDK for macOS from Oracle’s website and install it. This detailed video will take you through the process in no time.
If you aren’t into videos, you can also follow Oracle’s written instructions.
So, now that you have the answer to the question: “Where is Jarsigner located on my device?” for Windows, Linux and MacOS. It’s now time to start signing your Java files and give attackers a run for their money.
No matter which software you’re developing and which programming language you’re using, code signing is a crucial step. It will confirm your verified digital identity and help secure your applications against malware and unauthorized alterations to its code.
Signing archive files like .jar, .war, .ear, and .sar will require you to install Java JDK. But now that you know the answer to the question “Where is Jarsigner located in Windows, Linux, and macOS?” you can start to take back ownership of your Java codes.
Get a trusted Java code signing certificate, sign your codes with Jarsigner.exe, and prove to your users the authenticity and integrity of your products. Interested in Visual Studio and Azure code signing? Don’t miss our next articles.
