97 | | signtool.exe sign /v /ac digicert-cross-cert.crt /t http://timestamp.digicert.com /f kernel-mode.pfx /p <pfx-password> tap6/amd64/tap0901.cat |
98 | | signtool.exe sign /v /ac digicert-cross-cert.crt /t http://timestamp.digicert.com /s My -n <subjectname> tap6/amd64/tap0901.cat |
| 97 | signtool.exe sign /v /s My /n OpenVPN /ac digicert-assured-id-ca-root.crt /t http://timestamp.digicert.com /fd SHA1 tap6/amd64/tap0901.cat |
| 98 | signtool.exe sign /v /f digicert-sha1-codesigning.pfx /p <pfx-password> /ac digicert-assured-id-ca-root.crt /as /t http://timestamp.digicert.com /fd SHA1 tap6/amd64/tap0901.cat |
| 99 | }}} |
| 100 | Example of adding two signatures and timestamps (required signtool.exe from Windows Kit 10): |
| 101 | {{{ |
| 102 | # Create primary (SHA1) signature (certificate in a pfx file) |
| 103 | signtool.exe sign /v /f digicert-sha1-codesigning.pfx /p <pfx-password> /ac digicert-assured-id-ca-root.crt /fd SHA1 tap6/amd64/tap0901.cat |
| 104 | signtool.exe timestamp /tr http://timestamp.digicert.com /td SHA1 /tp 1 tap6/amd64/tap0901.cat |
| 105 | |
| 106 | # Add secondary (SHA2) signature (certificate in the certificate store) |
| 107 | signtool.exe sign /v /s My /n OpenVPN /ac digicert-extended-validation-ca-root.crt /as /fd SHA256 tap6/amd64/tap0901.cat |
| 108 | signtool.exe timestamp /tr http://timestamp.digicert.com /td SHA256 /tp 1 tap6/amd64/tap0901.cat |