Sign Code with Microsoft SignTool

A Code Signing Certificate can be used to digitally sign code or content developed for Windows. After you have received the trusted certificate and saved the PFX (.p12) file, follow the instructions below to sign a file on a Windows Vista machine running Windows SDK 7.0 or higher. If you're running Windows SDK 6.0 or lower, refer to our Microsoft Authenticode Installation Instructions to use the GUI instead.

  1. Click the Start menu
  2. Run cmd.exe
  3. Sign your file:
    • For DigiCert certificates, run this command:

      signtool sign /t http://timestamp.digicert.com /a "c:\path\to\file.exe"

    • For Sectigo certificates, run this command:

      signtool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.sectigo.com /td sha256 "path to the exe file you want to sign"

  4. If the signing is successful, you should get a message confirming the file has been signed. 

We highly recommend you verify your signature by running the command: 

signtool verify /pa /v "path to the exe file you signed"

If you did not use the timestamping feature, we highly recommend you read our article on the importance of timestamping any code to ensure your signature remains valid after certificate expiration.
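
The verification and timestamp checks described above can be automated as a post-signing gate. The following PowerShell script is an added example, not part of the original instructions or any vendor tooling; the script name `Test-SignedFile.ps1` is hypothetical, and it uses the built-in `Get-AuthenticodeSignature` cmdlet rather than SignTool to inspect the result.

```powershell
# Test-SignedFile.ps1 (hypothetical name) - added example.
# Fails with a non-zero exit code if any file is unsigned, has an invalid
# signature, or was signed without a timestamp.
# Usage: .\Test-SignedFile.ps1 -Path "path to the exe file you signed"
param(
    [Parameter(Mandatory)]
    [string[]]$Path
)

$failed = $false

foreach ($file in $Path) {
    # Reads the embedded Authenticode signature and validates the chain
    # against the local trust stores.
    $sig = Get-AuthenticodeSignature -FilePath $file

    $problems = @()

    # Status is 'Valid' only when the hash matches and the chain is trusted.
    # Other values include NotSigned, HashMismatch, NotTrusted, UnknownError.
    if ($sig.Status -ne 'Valid') {
        $problems += "status is $($sig.Status): $($sig.StatusMessage)"
    }

    # TimeStamperCertificate is empty when no timestamp server was used.
    # Without a timestamp the signature stops validating once the signing
    # certificate expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems += 'no timestamp on the signature'
    }

    if ($problems.Count -gt 0) {
        $failed = $true
        Write-Warning "$file FAILED: $($problems -join '; ')"
        continue
    }

    # Report who signed the file and when the signing certificate expires.
    $cert = $sig.SignerCertificate
    Write-Output ("{0} OK: signed by '{1}', certificate expires {2:yyyy-MM-dd}, timestamped by '{3}'" -f `
        $file, $cert.Subject, $cert.NotAfter, $sig.TimeStamperCertificate.Subject)
}

if ($failed) { exit 1 }
```

Run it as the last step of a build so that an unsigned or untimestamped binary stops the release instead of shipping.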