How to Sign Code with a Microsoft Authenticode Signing Certificate?

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 5.00 out of 5)

Step-by-Step Instructions to Sign Code With a Microsoft Authenticode Signing Certificate

If you’re a software developer, you know how much work it is to develop and publish software. How will you feel, if after all the work you put in, finally your software is released but some people aren’t using your software because of a warning message, just because you haven’t signed it using a trusted code signing certificate. Fortunately, there’s a simple way to avoid this problem.

sign code with microsoft authenticode signing

Due to prevalent security threats, it has become nearly mandatory to sign your software packages, codes, and other executable files to prove you’re a trusted source.

Code signing certificates are a critical component for signing software packages, and are used for signing code and executable developed for Windows with the help of Microsoft Authenticode signatures.

Once you receive your trusted Microsoft Authenticode code signing certificate and have saved the PFX (.p12) file, go through the below guide to sign your code.

microsoft-office-white-logo

Save 60% – Microsoft Authenticode Code Signing Certificate

Digitally Sign & Hash Your Executables & Scripts

Buy Microsoft Authenticode Code Signing at Only $69

Steps to Sign Code With a Microsoft Authenticode Signature

  • Click on the Windows button and open Start Menu.
  • Open Command Prompt through Run by typing cmd.
  • Now, run the below command:

SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.<CANameca>.com /td "path to the exe file you want to sign"

For example:

SignTool sign /f "path to your PFX file" /p "your PFX file password" /tr http://timestamp.comodoca.com /td "path to the exe file you want to sign"

Congratulations! Once you complete the above steps, your executable file is successfully signed.

We recommend once you complete the signing process you should verify your signature using the below command:

signtool verify /pa /v "path of the executable file you signed".

If you haven’t used the timestamp feature, then we recommend doing it, or else go through this post on Timestamp that explains its importance in the software signing process.

Summary

As a software developer or publisher, you might already know the importance of signing to prevent your software from triggering warning messages while also proving your identity, but you may not always remember every step required. That’s why we created this quick guide, simply go through it and sign your code quickly.