Using SignTool to Sign a File
The following command signs the file named MyControl.exe using a certificate stored in a Personal Information Exchange (PFX) file:
SignTool sign /f MyCert.pfx MyControl.exe
The following command signs the file using a certificate stored in a password-protected PFX file:
SignTool sign /f MyCert.pfx /p MyPassword MyControl.exe
Note
Ensure that you properly protect the password.
The following command signs and time stamps the file:
SignTool sign /f MyCert.pfx /t http://timestamp.digicert.com MyControl.exe
Note
For information about time stamping a file after it has already been signed, see Adding Time Stamps to Previously Signed Files.
The following command signs the file using a certificate located in the My store with a subject name of My Company Publisher:
SignTool sign /n "My Company Publisher" MyControl.exe
The following command signs an ActiveX control and provides information that is displayed by Internet Explorer when the user is prompted to install the control:
SignTool sign /f MyCert.pfx /d "My Product Name" /du "https://www.example.com/myproductinfo.html" MyControl.exe
The following command signs the file using a certificate whose private key information is protected by a hardware cryptography module. For example purposes, assume that the certificate called "My High-Value Certificate," has a private key installed in a hardware cryptography module, and the certificate is properly installed.
SignTool sign /n "My High-Value Certificate" MyControl.exe
The following command signs the file using a certificate whose private key information is protected by a hardware cryptography module. A computer store is specified for the certification authority (CA) store.
SignTool sign /n "My High Value Certificate" /sm /s CA MyControl.exe
The following command signs the file using a certificate stored in a file. The private key information is protected by a hardware cryptography module, and the cryptographic service provider (CSP)and key container are specified by name. This command is useful if the certificate is not properly installed.
SignTool sign /f HighValue.cer /csp "Hardware Cryptography Module" /k HighValueContainer MyControl.exe
SignTool returns command line text that states the result of the signing operation. Additionally, SignTool returns an exit code of zero for successful execution, one for failed execution, and two for execution that completed with warnings.
For information about verifying a file's signature, see Using SignTool to Verify a File Signature. For information about adding a time stamp if the file has already been signed, see Adding Time Stamps to Previously Signed Files. For additional information about SignTool, see SignTool.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for