Where Is Jarsigner.exe Located on My Device? A Guide for Windows, Linux, and MacOS
Home » Where Is Jarsigner.exe Located on My Device? A Guide for Windows, Linux, and MacOS
(5 votes, average: 5.00 out of 5)
94% of organizations recognized in 2023 that customers wouldn’t buy from them if they didn’t secure their sensitive data. Want to boost the security of your Java apps with code signing but can’t anwer the question “where is Jarsigner located” on your Windows, Linux, or macOS device? Find it out in our quick guide
Malware is the top security concern for 42% of CIOs and network engineers polled by Opengear at the end of 2023. In January 2024, the Network Resilience Coalition, a global group of cybersecurity experts and network and tech providers, addressed this concern (and many others) in their white paper “Protecting Network Resiliency.” One of the key recommendations for vendors was to sync their software development processes with the National Institute of Standards and Technology’s (NIST’s) Secure Software Development Framework (SSDF).
Jarsigner, when used with a publicly trusted code signing certificate, enables developers to digitally sign their Java applications in a way that proves the software’s authenticity and helps to protect its integrity. This is a fundamental step explicitly endorsed by NIST SSDF.
But to sign your code, you first need to know where Jarsigner.exe is located on your Windows, Linux, or macOS device. Do you know where to find it? We assume not, since you’re reading this article. So, let’s explore it together. Learn in our step-by-step guide how to locate Jarsigner in the three most common operating systems.
Windows, Linux, MacOS: Where Is Jarsigner.exe? How Can I Find It?
Let’s imagine you’ve just purchased a code signing certificate from a trusted certificate authority (CA) and set up your secure hardware token or the CA installed it on your existing hardware security module (HSM). Now, you’re ready to sign your Java code and publish it.
Before you do this, however, you first need to find Jarsigner on your workstation. The signing tool that comes embedded in the Java Development Toolkit (JDK) used to create Java applications. If you’ve installed JDK, then it’s just a matter of locating it on your system. But if you haven’t installed JDK yet, then keep reading because we’ll also cover how to install it on each type of operating system.
Where Is Jarsigner Located on Windows?
By default, Jarsigner is always installed in JDK’s bin folder. There are two ways to check if and where this software is saved on your Windows device.
1. Use the Command Prompt
This is the fastest method. It won’t only answer the question “Where is Jarsigner.exe located on my device?” but also indicate if it isn’t installed.
Open a Windows command prompt as Admin. Search for “cmd” in the Windows Search bar and select Run as Administrator.
Type the following command and hit Enter: dir “\jarsigner*” /s. If Jarsigner is installed on your machine, the command prompt will display a message similar to what you see in the screenshot below. In our example, the signing tool is located in its default folder: C:\Program Files\Java\jdk-XXXX\bin.
2. Look for Jarsigner Manually Using File Explorer
Open Windows File Explorer by selecting its icon on the taskbar or in the Start menu.
Click on Local Disk and then on Program Files folder.
Click on Java, JDK-21 (or whatever version you’re using) and open the bin folder. Jarsigner should appear in the list of applications.
Did you find it? Yeah! You can start signing your .jar files. You didn’t? That’s okay… you’ll learn how to install it in the section below.
How to Install Jarsigner.exe on Windows
If JDK (and consequently Jarsigner) aren’t installed on your machine, all you’ll have to do is follow the three steps listed in our guide “How to Install Jarsigner in Windows.”
Tip: When given the option, don’t change the default installation path (i.e., bin folder). Changing it will prevent you from asking “Where is Jarsigner.exe?” in the future.
Have installation issues? Check out Oracle’s JDK installation troubleshooting page.
Don’t forget to save Jarsigner’s location to your system by setting the path environment variable. This one-time operation will ensure that the Jarsigner command is always recognized by the command prompt, no matter which kind of Java file you’ll have to sign or verify.
Type “cmd” in the Windows search bar and click on Run as Administrator. The command line window will open.
Enter the following script and hit Enter: set PATH=C:\Program Files\Java\jdkXXX\bin. In this example, we’ve entered jdk-21, as it’s the version we’ve currently installed. Replace the jdkXXX with whatever version you’re using.
Easy peasy, am I right?
Save Up to 21% on a Java Code Signing Certificate
Digitally sign unlimited JAR files and applications for as little as $211.46/year.
Don’t you just love versatile tools that can be used on different platforms without hassle? I do. Jarsigner is one of them. So, let’s discover where Jarsigner has found its home within the Linux OS. In this demonstration, we’re using Linux Mint. However, the same process will work on all Linux operating systems, too.
Open a terminal window by clicking the Applications Menu button on your desktop, or the terminal icon if you’ve already pinned it to the dash bar. Alternatively, use the CTRL + ALT + T keys.
Type the following command and hit Enter: whereis jarsigner.
If you, like me, didn’t change the default installation folder, something like this will be displayed:
Did the command not return a result (as shown in the example below)? Aha! This means JDK isn’t installed on your device. Let’s fix that issue right now.
How to Install JDK (and Jarsigner) on Linux
Go to the Oracle website and download JDK for Linux. Make sure you pick the correct package. In this instance, we’ll show you how to install it on Linux Mint. As such, we’ll select the Debian package (.deb). Once again, the process is similar for all Debian-based Linux platforms (including Ubuntu).
Open a terminal and install JDK by entering the command below and, at the prompt, type your sudo password:
sudo dpkg -i jdk-XX_linux-x64_bin.deb
Tip: Replace jdk-xx with the name of the JDK version you’ve downloaded.
Voila’! It’s done. You’ve now installed Jarsigner and JDK. Wondering where is Jarsigner located now? Run the whereis jarsigner command again to find it out.
How Can I Find Out Where Jarsigner Is Stored on Mac?
Oh yes, our little Jarsigner is such a versatile tool. It works perfectly on macOS, too. And so will our code signing certificate and hardware token. So, just where is Jarsigner.exe’s den located on your Mac device?
If you installed JDK using the default installation path, you’ll find it in the usual JDK bin folder. To verify it:
In the Dock, open a terminal as shown in this short video. (You can also follow the instructions available on the Apple support page.)
Type whereis jarsigner.
If Jarsigner is already available on your Mac device, the terminal will display the path to the file. Usually, something similar to:
Computer\Mac OS X\Library\Java\JavaVirtualMachine\jdkx.x.x_xxx\Contents\Home\bin\jarsigner.
No luck? Move on to the step below.
MacOS: How to Install JDK and Jarsigner
Download Java JDK for macOS from Oracle’s website and install it. This detailed video will take you through the process in no time.
So, now that you have the answer to the question: “Where is Jarsigner located on my device?” for Windows, Linux and MacOS. It’s now time to start signing your Java files and give attackers a run for their money.
Boost User Trust in Your JAR Files — Save Up to 21% on a Java Code Signing Certificate
Prove your Java apps and JAR files are legitimate by signing them with a Java code signing certificate. You can get one starting at $211.46/year.
Final Thoughts About Where Jarsigner.exe Is Located on My Device
No matter which software you’re developing and which programming language you’re using, code signing is a crucial step. It will confirm your verified digital identity and help secure your applications against malware and unauthorized alterations to its code.
Signing archive files like .jar, .war, .ear, and .sar will require you to install Java JDK. But now that you know the answer to the question “Where is Jarsigner located in Windows, Linux, and macOS?” you can start to take back ownership of your Java codes.
Get a trusted Java code signing certificate, sign your codes with Jarsigner.exe, and prove to your users the authenticity and integrity of your products. Interested in Visual Studio and Azure code signing? Don’t miss our next articles.
Code Signing Best Practices
Want to keep your software and code safe?
Enter your contact information below below to receive your FREE Best Practices PDF:
Contact details collected by CodeSigningStore.com may be used to send you requested information, blog update notices, and for marketing purposes. Learn more…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.