How to digitally sign binaries


If you need to sign your binary, you can find all you need about Authenticode signing here: http://msdn2.microsoft.com/en-us/library/ms537359.aspx. As an ISV, you will need a 3rd party certificate. However for testing you can create your own certificate and tell your machine to trust it.

From an elevated command prompt, you first need to create a test certificate:

Makecert -r -pe -sr localMachine -ss demostore -n "CN=DemoCert" democert.cer

Then you sign your binary

Signtool Sign /v /s demostore /n DemoCert /t {yourbinary.exe}

And finally you add the cert to the store so that it is trusted:

Certmgr -add democert.cer -s -r localMachine Root

You can find the tools in platform sdk and resource kit.


Comments (2)
  1. Amit says:

    Thanks for this helpful link.

    I need to remove the democert now. How do I do that ?

Comments are closed.

Skip to main content