Skip to main content


Jsign is a Java implementation of Microsoft Authenticode that is platform independent and provides an alternative to native tools like osslsigncode on Linux and SignTool on Windows or the Mono development tools on Unix systems.

Integrate Jsign with Sign Manager Controller (SMCTL) for simplified signing. Alternatively, you can sign directly with Jsign and reference your private key stored in DigiCert​​®​​ KeyLocker.


Jsign is compatible for signing on Windows, Linux, and macOS.

What can Jsign be used to sign?

Use Jsign to sign and timestamp executable files for Windows, Microsoft installers (MSI), and Scripts (PowerShell, VBScript, JScript, WSF). For more information, refer to Files supported for signing.

Install Jsign


Use Jsign version 4.1 or higher to sign files larger than 100MB. To avoid errors when signing large files, use osslsigncode instead of jsign.

The installation command differs based on your operating system:

Set PATH environment variables

Operating systems use the environment variable called PATH to determine where executable files are stored on your system. Use the PATH environment variable to store the file path to your signing tools to ensure that the CLI can reference these signing tools.

You can set the PATH environment variable to jsign using command line.

Download and configure PKCS11 library

Jsign uses a configuration file to integrate with DigiCert​​®​​ KeyLocker PKCS11 library.

Follow these instructions to download DigiCert​​®​​ KeyLocker PKCS11 library and create the configuration file.

Configure sign4j (optional)


This configuration procedure is required for signing with jsign and sign4j using SMCTL.

Sign with Jsign

You can sign with Jsign directly or via DigiCert's signing tools integrated with Jsign: