Microsoft SignTool Guide
A Code Signing Certificate can be used to digitally sign code or content developed by Window Programs. After you received your certificate and installed it on your secure hardware device, follow the instructions below to guide you through the signing process on a Windows Vista machine running version Windows SDK 7.0 or higher. If you’re running version Windows SDK 6.0 or lower, reference our Microsoft Authenticode Installation Instructions to utilize the GUI interface.
1. Click Start
Click Start menu
2. Run cmd.exe
Run cmd.exe
3. Use the appropriate command below
- For DigiCert certificates, run this command:
SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.digicert.com /td "path to the exe file you want to sign"
- For Comodo and Sectigo certificates, run this command:
SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.sectigo.com /td "path to the exe file you want to sign"
Congratulations! Your .exe file has been successfully signed.
We highly recommend you verify your signature by running the command: signtool verify /pa /v “path to the exe file you signed”. If you did not use the timestamping feature, we highly recommend you read our article on the importance of timestamping any code to ensure your signature remains valid after certificate expiration.