Ask a Question

Advanced Search

Solution ID : SO1442

Last Modified : 05/02/2018

Sign code with Microsoft® Authenticode® (Multi-Purpose) Certificate using signcode wizard

Problem

Sign code with signcode wizard
Sign code with Microsoft® Authenticode® (Multi-Purpose) Certificate using signcode wizard
Sign code for .SPC and .PVK style users

Solution

To sign your code with the Signcode wizard do the following:

  1. Open the signcode wizard.
  2. Click on Next.
  3. Select the File to be digitally signed, browse to the file, then cick Next.
  4. Select the type of signing you want. Choose either Typical or Custom.
  5. If you chose Typical do the following:
    • To select the certificate from the certificate store. click on Select from Store.
    • Choose your Certificate, click OK.
    • Click on Next.
    • For Data Description, you can either type a description, or provide Web address that points to a site that contains a description (this is optional), then click Next.
    • Add a Timestamp URL below to the data, click Next

      Important
      : Thawte recommends customers must leverage SHA256 Timestamping service going forward, and should not use a SHA1 service unless there is a legacy platform constraint which doesn’t allow use of SHA2 service.

      The SHA-1 timestamping URL is http://timestamp.verisign.com/scripts/timstamp.dll
      (The timstamp.dll filename is required to conform to old MS-DOS naming convention).

      The SHA-1 with RFC 3161 timestamping URL is http://sha1timestamp.ws.symantec.com/sha1/timestamp

      The SHA-256 with RFC 3161 timestamping URL is http://sha256timestamp.ws.symantec.com/sha256/timestamp
        
    • Check your details and then click Finish.
    • You should receive "The Digital Signing wizard was completed successfully" message, click OK and your code should be signed.
       
  6. If you chose Custom (recommended for advanced users only) then do the following:
    • Select a certificate from either a certificate store or from a file (.cer, .crt or .spc)
    • Click Next.
    • Select the location of the private key, click Browse.
    • Leave the default CSP and Provider type as the defaults, then click Next.
    • Enter the Private key password and click OK.
    • Select a Hash algorithm from the following list (SHA-1 is recommended), click Next.
    • Select the option "All certificates in the certificate path", including the root and "No additional certificates", then click Next.
    • For Data Description, you can either type a description, or provide a Web address that points to a site that contains a description (this is optional), then click Next
    • Add a Timestamp URL below to the data, click Next
      The SHA-1 timestamping URL is http://timestamp.verisign.com/scripts/timstamp.dll
      (The timstamp.dll filename is required to conform to old MS-DOS naming convention).

      The SHA-1 with RFC 3161 timestamping URL ishttp://sha1timestamp.ws.symantec.com/sha1/timestamp

      The SHA-256 with RFC 3161 timestamping URL is http://sha256timestamp.ws.symantec.com/sha256/timestamp

      Important
      : Thawte recommends customers must leverage SHA256 Timestamping service going forward, and should not use a SHA1 service unless there is a legacy platform constraint which doesn’t allow use of SHA2 service.
       
    • Check your details and then Click on Finish.
    • You should receive The Digital Signing wizard was completed message, click on OK and your code should be signed.