SSLmentor

Quality TLS/SSL certificates for websites and internet projects.

SignTool

SignTool

Microsoft SignTool

Microsoft SignTool is a command-line tool included in the Windows Software Development Kit (SDK) that is used to digitally sign files such as executable EXE files and DLLs. This tool allows developers to secure their applications with a digital signature, increasing user confidence in the authenticity and integrity of the software.

Installing SignTool

  • SignTool is part of the Microsoft Windows Software Development Kit (SDK). The installer can be downloaded from the page Windows SDK.
  • Help from Microsoft is on the site learn.microsoft.com/.../seccrypto/signtool with a detailed explanation of syntax and parameters.
Windows SDK

Basic commands

Command to sign custom EXE application using CODE Signing certificate. If we do not have a file path set, it must be specified.

signtool sign /debug /n "web security" /fd SHA256 MyApp.exe

Basic parameters

  • /debug - prints debugging information
  • /n SubjectName - selects a signature certificate by subject name; Only part of the name can be entered.
  • /a - automatically selects the best signing certificate
  • /t URL - timestamp server option
  • /fd certHash - hashing algorithm specification, mandatory parameter
  • /d Desc - specification of signed code

Syntax examples

signtool sign /a /fd SHA256 MyApp.exe
signtool sign /t http://time.certum.pl /a /fd SHA256 MyApp.exe
signtool sign /t http://timestamp.digicert.com /a /fd SHA256 "C:\path\to\MyApp.exe"
signtool sign /t http://time.certum.pl /n "MyCompany cert" /fd SHA256 /d "test code" MyApp.exe
Code signing - sign the SW

Back to Help
Found an error or don't understand something? Write us!

CA Sectigo
CA RapidSSL
CA Thawte
CA GeoTrust
CA DigiCert
CA Certum