Test Microsoft SignTool commands

4min
This section runs the following Microsoft SignTool commands: signtool sign and signtool verify.
The signtool sign command pertains more specifically to this integration because it is the only SignTool command that initiates communication with the . SignTool must be able to access the private key stored in  to complete the code signing operation successfully.
Sign a file using the configured code Signing certificate
The following example signs an .exe file, but you can sign other types of files by using SignTool. See the following document for details: https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-tools﻿
Open PowerShell or Windows Command Prompt and run the following command, replacing MyCertificate with the Subject Name of your certificate and example.exe with the name of the file that you are signing:
Text
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
signtool sign /sm /fd sha256 /s My /n "MyCertificate" example.exe
﻿
If the command succeeds, you should receive the following message:
Text
Done Adding Additional Store
Successfully signed: example.exe
Done Adding Additional Store
Successfully signed: example.exe
﻿
Verify the file that was signed
To verify the file that was signed, run the following command:
Text
signtool verify /pa example.exe
signtool verify /pa example.exe
﻿
If the command succeeds, you should see output similar to the following example:
Text
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
File: example.exe
Index  Algorithm  Timestamp
========================================
0      sha1       None

Successfully verified: example.exe
﻿
﻿
Updated 09 Dec 2024
Did this page help you?
Associate a private key with a certificate
Credential management