Running the Certificate Utility through the Command Line

You can use the code signing portion of the DigiCert Certificate Utility through a command prompt. Below are your signing options.


/sha1

The SHA1 hash (thumbprint) of the signing certificate. If not present then the certificate that is valid for the longest will automatically be selected. The thumbprint can be in any of the following case-insensitive formats:

"054d9508b364a02a068fa5c6153847b6"
"05 4d 95 08 b3 64 a0 2a 06 8f a5 c6 15 38 47 b6"
"05:4d:95:08:b3:64:a0:2a:06:8f:a5:c6:15:38:47:b6"


/kernelDriverSigning

Add the DigiCert kernel driver cross certificates to the signature.


/noTimestamp

Do not add a timestamp to the signature (a DigiCert timestamp is added by default).


/noInput

Do not ask for ENTER to continue.


filename(s):

Filenames is a list of files to be code signed. To specify more then one file, seperate each filename or file path with the asterisk character *. Enclose the file path with quotes if it contains spaces.

example: DigiCertUtil.exe sign /kernelDriverSigning "example.exe*driver.sys"
example: DigiCertUtil.exe sign /sha1 "054D9508B364A02A068FA5C6153847B6"
"example.exe*driver.sys"