Prepare your Computer & Secure Token for EV Code Signing files with SignTool

  1. Many customers will choose to have DigiCert ship a secure token to them. If this applies to you, you will need to activate your token and retrieve its password from within your DigiCert account. During this process, you will also be given the link to download the driver for the Safenet eToken device. After obtaining your password, DigiCert strongly recommends you change your etoken password as a security best practice.

    Similarly, if you are bringing your own FIPS 140-2 Level 2 compliant token from a different vendor, you will need to ensure your device's hardware driver is installed to your PC, and subsequently, you have installed your certificate before proceeding with these instructions.

  2. Next, install the Windows SDK onto your computer.

  3. Last of all, you will need to use the SignTool command to sign your program. You can run either method below.

    Note: When running either SignTool command, modify the section in red to match your filename(s). If you have more than one Code Signing Certificate on your computer, it is recommended that you manually select the certificate to use for signing code. After running the command, you will be prompted to enter your device's password.

    Automatically Select Signing Certificate

    Open a command prompt with elevated privileges and run the following command to have Signtool automatically select which Code Signing Certificate to use:

    signtool sign /t /a "c:\path\to\file_to_sign.exe"

    Manually Specify the EV Code Signing Certificate to Use

    Using the manual SignTool command given below you can specifically select which certificate to use for publishing your programs.

    To manually select the EV Code Signing Certificate for SignTool to use, you will need to get your certificate's subject name.

    To get a certificate's subject name in your user's personal account, go to the Start menu and type certmgr.msc and press Enter.

    Then expand Personal > Certificates to list all of the certificates installed for that user account.
    The subject name of the certificate is the text listed under the 'Issued to' field.

    EV Code Signing Certificate Subject Name from certmgr.msc

    Then enter this text into the "subject name" of the command below and follow it with the file you're signing:

    signtool sign /t /n "subject name" "C:\path\to\fileToSign.exe"

    You should then receive a confirmation that the file was successfully signed and timestamped.

  4. Buy an EV Code Signing Certificate Today!

    Buy Now