Signing a Windows EXE file

You can try using Microsoft’s Sign Tool

You download it as part of the Windows SDK for Windows Server 2008 and .NET 3.5. Once downloaded you can use it from the command line like so:

signtool sign /a MyFile.exe

This signs a single executable, using the “best certificate” available. (If you have no certificate, it will show a SignTool error message.)

Or you can try:

signtool signwizard

This will launch a wizard that will walk you through signing your application. (This option is not available after Windows SDK 7.0.)

If you’d like to get a hold of certificate that you can use to test your process of signing the executable you can use the .NET tool Makecert.

Certificate Creation Tool (Makecert.exe)

Once you’ve created your own certificate and have used it to sign your executable, you’ll need to manually add it as a Trusted Root CA for your machine in order for UAC to tell the user running it that it’s from a trusted source. Important. Installing a certificate as ROOT CA will endanger your users privacy. Look what happened with DELL. You can find more information for accomplishing this both in code and through Windows in:

  • Stack Overflow question Install certificates in to the Windows Local user certificate store in C#

  • Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

Hopefully that provides some more information for anyone attempting to do this!

Leave a Comment