Sign Code with Microsoft SignTool

A Code Signing Certificate can be used to digitally sign code or content for Windows programs. After you have received the trusted certificate and saved the PFX (.p12) file, follow the instructions below to sign your file on a Windows Vista machine running Windows SDK 7.0 or higher. If you’re running Windows SDK 6.0 or lower, refer to our Microsoft Authenticode Installation Instructions to use the GUI instead.

  1. Click the Start menu
  2. Run cmd.exe
  3. Sign your file:
    • For Symantec & Thawte certificates, run this command:

      SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256 "path to the exe file you want to sign"

    • For Comodo certificates, run this command:

      SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.comodoca.com /td sha256 "path to the exe file you want to sign"

  4. Your exe file has been successfully signed.

We highly recommend you verify your signature by running the command: signtool verify /pa /v "path to the exe file you signed". If you did not use the timestamping feature, we highly recommend you read our article on the importance of timestamping any code to ensure your signature remains valid after certificate expiration.
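
The sign and verify steps above can be combined into one script that also checks the result carries a timestamp. This is an added example, not part of the original instructions; it assumes signtool.exe is on PATH, and the parameter names and the script itself are illustrative.

```powershell
# Added example: sign a file, verify it, and confirm a timestamp is present.
# Assumes signtool.exe is on PATH. Parameter names are illustrative.
param(
    [Parameter(Mandatory)] [string] $PfxPath,
    [Parameter(Mandatory)] [string] $FilePath,
    # Default is the Comodo timestamp URL given in the steps above.
    [string] $TimestampUrl = 'http://timestamp.comodoca.com'
)

# Prompt for the PFX password so it is not typed into the command line
# or saved in shell history.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    & signtool sign /f $PfxPath /p $plain /tr $TimestampUrl /td sha256 $FilePath
    $signExit = $LASTEXITCODE
} finally {
    # Wipe the unmanaged copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
if ($signExit -ne 0) { throw "signtool sign failed with exit code $signExit" }

# Same verification command the instructions recommend.
& signtool verify /pa /v $FilePath
if ($LASTEXITCODE -ne 0) {
    throw "signtool verify failed with exit code $LASTEXITCODE"
}

# Cross-check with the built-in cmdlet and require a timestamp.
$sig = Get-AuthenticodeSignature -FilePath $FilePath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if (-not $sig.TimeStamperCertificate) {
    throw 'Signature has no timestamp; it will not remain valid after the certificate expires.'
}

'{0} signed by "{1}", timestamped by "{2}"' -f $FilePath,
    $sig.SignerCertificate.Subject, $sig.TimeStamperCertificate.Subject
```

The password is still handed to signtool through its /p argument, so it remains visible in that process's command line while signing runs.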