/ notes / exe

Code signing with SignTool.exe

Notes about creating a test CA and signing an exe file

SignTool.exe is available as part of the Windows SDK and normally installed by Visual Studio. Run “Developer Command Prompt for VS 2022” and it will be available at the command line.


signtool.exe  sign  /f signing_cert.pfx /p test /td sha256 /fd sha256 /tr http://timestamp.digicert.com  myapp.exe


XCA testing CA

Exe correctly signed

Exe signed without full chain


SignTool.exe https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
XCA https://hohnstaedt.de/xca/