How to digitally sign binaries

Article
01/28/2008

If you need to sign your binary, you can find all you need about Authenticode signing here: https://msdn2.microsoft.com/en-us/library/ms537359.aspx. As an ISV, you will need a 3^rd party certificate. However for testing you can create your own certificate and tell your machine to trust it.

From an elevated command prompt, you first need to create a test certificate:

Makecert -r -pe -sr localMachine -ss demostore -n "CN=DemoCert" democert.cer

Then you sign your binary

Signtool Sign /v /s demostore /n DemoCert /t {yourbinary.exe}

And finally you add the cert to the store so that it is trusted:

Certmgr -add democert.cer -s -r localMachine Root

You can find the tools in platform sdk and resource kit.

How to digitally sign binaries

Additional resources