During a recent Windows 7 Application Compatibility Lab, a partner who was in the process of getting their application certified for the Windows 7 Software Logo Program asked me how to sign an application, since a signed binary is one of the program's requirements. I thought this would be easier to find than it was, so I've written up the process below.
First, you will need to acquire a Software Publisher Certificate from a third-party CA that is authorized by Microsoft to issue such certificates, e.g. Verisign. For this walkthrough, though, I will create a test certificate using makecert.exe and cert2spc.exe from the Windows 7 SDK.
C:\>makecert -r -n "CN=Dave Allen,O=My Company,E=Dave.Allen@microsoft.com" -sv mycert.pvk mycert.cer
C:\>cert2spc mycert.cer mycert.spc
You will then need to combine the private key (.pvk) and the certificate (.spc) into a .pfx file using pvk2pfx.exe, also available from the Windows 7 SDK.
C:\>pvk2pfx -pvk mycert.pvk -spc mycert.spc -pfx mycert.pfx -f
Once you have your .pfx file you can sign your application with signtool.exe.
C:\>signtool sign -f mycert.pfx -t http://timestamp.verisign.com/scripts/timstamp.dll -v MyApp.exe
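As an added example that is not part of the original post, the following PowerShell script runs the signing step above and then checks the result, both with Get-AuthenticodeSignature and with signtool's own verify command. The file names and the application name are assumptions carried over from the commands above; the only caveat it adds is that a makecert test certificate is self-signed, so the signature will not verify as trusted until the test root is placed in the Trusted Root Certification Authorities store.

```powershell
# Added example (not from the original post): sign MyApp.exe with the test
# .pfx created above, then verify the signature. Paths and names are assumed.
$ErrorActionPreference = 'Stop'
$pfx       = 'mycert.pfx'
$target    = 'MyApp.exe'
$timestamp = 'http://timestamp.verisign.com/scripts/timstamp.dll'

# Sign with a timestamp, as in the post's own signtool command.
& signtool sign -f $pfx -t $timestamp -v $target
if ($LASTEXITCODE -ne 0) {
    throw "signtool sign failed with exit code $LASTEXITCODE"
}

# Read the Authenticode signature back from the signed file.
$sig = Get-AuthenticodeSignature -FilePath $target
"Status    : $($sig.Status)"
"Signer    : $($sig.SignerCertificate.Subject)"
"Thumbprint: $($sig.SignerCertificate.Thumbprint)"
if ($sig.TimeStamperCertificate) {
    "Timestamp : $($sig.TimeStamperCertificate.Subject)"
}

# A makecert -r certificate is self-signed, so Status will be something other
# than Valid (e.g. NotTrusted or UnknownError) until the test root is trusted.
# A certificate from an authorized CA should report Valid.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature present but chain not trusted: $($sig.StatusMessage)"
}

# signtool's check against the default Authenticode verification policy.
& signtool verify /pa /v $target
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'signtool verify failed; expected for a test certificate whose root is not yet trusted.'
}
```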