code signing certificate bind with .exe

Posted on Feb 20 2017, 12:04 PM

we issue code signing certificate to user .

how to bind code signing certificate with .exe

what is requirement of binding code signing certs with .exe

  • Products
  • DigiCert Code Signing
  • 0

    how to sign certificate with.exe

    If anyon knows this procedure 

    please provide step by step procedure.


  • 0

    Hi Upendra,

    You can follow the step by step procedure here:


    A Microsoft Authenticode can digitally sign 32-bit or 64-bit user-mode for .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap files and kernel-mode software.

    Hope this helps.

  • 0

    Hi Mei B

    Please provide steps which we follow

  • 0

    Hi Upendra,

    I apologize. Here are the step by step procedure signing your files:


    Again, A Microsoft Authenticode can digitally sign 32-bit or 64-bit user-mode for .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap files and kernel-mode software. The link I have provided above is for dual signing to sign your .exe file with SHA1 and SHA2. 

    Here's an additional information about the Microsoft Windows SHA-1 & SHA-2 Code Signing Hash Algorithm Support:


    Hope that helps. 

  • 0

    thanks for support 

    i follow link which u provided me 

    but i seen error : no certificate were found that met all the given criteria

    thanks in advanced

  • 0

    This error will occur if the Code Signing Certificate for Microsoft Authenticode cannot be found on the machine used to sign code.  

    To resolve this problem, use the following steps to verify the certificate is installed correctly:
    1.Open Internet Explorer
    2.Click Tools > Internet Options > Content tab > Certificates
    3.Under the Personal tab, double-click the certificate
    4.At the bottom of the General tab, the following statement must exist:

    "You have a private key that corresponds to this certificate"

    If the statement does not exist:

    Opt 1: Export the certificate (with the private key) from the original machine you have enrolled/installed the Code Signing Certificate from and import it to the current machine you are signing a file. 

    How to export Code Signing Certificate for Microsoft Authenticode in .PFX format from Internet Explorer

    Opt 2: A replacement certificate is required. 

  • 0

    Hi Mei B

    Thanks a lot For Support 

    We sign succesfully .exe 

  • 0

    Hi Mei B

    we sign succesfully .exe and check the .exe properties display my organization name.

    if signed .exe copy to another pc and check the properties display error

    " information a certificate chain processed, but terminated in a root certificate which is not trusted by the trust publisher"

    can u suggest me why this error message display 

     step taken from my side 

    We generate csr from our IIS server

    Issued certificate From MPKI portal against of that Csr

    We received two certificate and  copy issuing chain certificate into text and save to .p7b file format , installed this certificate into MMC personal folder .

    After installation we export that certificate in .pfx format

    This certificate copy to another internet pc for signing .exe .

    We installed  exported certificate on Internet pc

    We signed successfully and display the digital signature is ok on .exe file but that .exe copy to another pc the message display on  A certificate chain processed, but terminiate in a root certificate which is not trusted by trust provider.

    If we installed Same certificate on second pc error is removed

    Can u suggest why this error occurs

    And how to remove this error

  • 0


    After you installed the certificate and when you export the certificate, please make sure you selected to export "Yes, Export the Private Key" and "Include all the certificates in the certification path if possible" it will create a .pfx file and in order for you to sign your file to another machine.

    Here's the instructions on how to export a certificate:


    The error message, "SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."  This is because of the verify command used, signtool verify myfile.exe. When this command is used signtool will use the Windows Driver Verification Policy. In order for the file to verify properly include the /pa switch so that SignTool uses the Default Authentication Verification Policy.

    For more information:


    Hope this helps.

  • 0


    We want to deploy 160 Client Authuntication certificate could you provide Deployment Procedure from MPKI 

    How client certificate make trust relation with code signing certificate or signed .exe

    we want to deploy certificate without internet (we want to download certificate on internet machine and export certificate an then installed to client machine ) if it is possible can you share procedure 

    Thanks In Advance 

2 pages