Using Your EV Code Signing Certificate to Sign Your EV Verification XML File

Because DigiCert EV code signing certificates are accepted by Microsoft, you (developers) can use them to sign your EV verification XML files for the Windows Store.

Note:    To sign your EV verification XML file, you must have an EV Code Signing Certificate with a SHA-2 signature algorithm.

After activating your EV codes signing token, you can use it to sign your code and your EV verification XML file for the Microsoft Store.


How to Sign Your EV Verification XML File

  1. Plug in your EV code signing token/device now.

  2. Export the public certificate from your EV code signing token as a .cer file.

    1. Open SafeNet Authentication Client Tools.

    2. Click the Advanced View icon (gold gear).

    3. Expand Tokens > “Your-EV-Code-Signing-Certificate” (i.e. EV SHA2) > User certificates, right-click on your EV code signing certificate, and select Export Certificate.

    4. In the Token Logon window, enter your Token Password and then click OK.

    5. In the Save As window, navigate to where you want to save your file, name your .cer file (i.e. XMLSigning.cer), and then click Save.

  3. Download the Code Signing Tool for Xml.


  4. Rename the downloaded executable file as SignXml.exe.

  5. Open a command prompt and run the following command from the directory where the SignXml.exe file is located:

    SignXml.exe TOKEN SHA256 “path/to/XMLSigning.cer” “path/to/signableXmlFile”

  6. Your signed XML File should be saved as SHA256SignedOriginalFileName.xml.

  7. Log into your Windows Store development account.

  8. Click Account and under Extended Validation Status, click Upload signed file.

  9. Browse to and select your signed EV Verification XML file.

  10. After your file is uploaded, you should receive immediate confirmation that “You have Extended Validation status”.

Buy an EV Code Signing Certificate Today!

Buy Now