Step-By-Step Guide To Install Sectigo Code Signing Certificate on Windows

Install Sectigo Code Signing Cert on Windows

Key Updates to Know:

  • Based on the New CA/B requirement June 2023, all OV, EV, and Individual Code Signing Certs are now generated and stored on Hardware tokens or HSM only.
  • Starting in Feb 2026, the Sectigo Token-Based Code Signing Certificate will be limited to 1 Year. If you want, multi-year options go with Install on Existing Token.

In this tutorial, we show you the process of installation sectigo code signing certificate using a USB Token and the SafeNet Tool as per the new guidelines.

Steps to Install Code Signing Certificate on Windows

Installation steps involve receiving your code signing cert, downloading and installing the SafeNet Authentication Client for hardware tokens, plugging in the USB token, activating tokens, and using the Windows SDK signtool.exe to sign files.

Step 1: Install SafeNet Authentication Client

CA like Sectigo/Comodo/DigiCert/Certera delivers certificate on a USB hardware token. 

  • Download: Download the SafeNet Authentication Client (SAC) compatible with your Windows version from the Sectigo website.
  • Install: Run the installer, follow the setup wizard, and accept the license agreement.
  • Connect: Plug the USB token into your computer. 

Step 2: Configure and Activate Token

  • Launch SAC: Open the SafeNet Authentication Client application.
  • Password: Activate the token using the temporary password provided by Sectigo in your email. Later you need to reset it.
  • Change Password: It is recommended to change the temporary password to a unique one.
  • Verify: Ensure your certificate appears in the token list. 

Step 3: Sign Your Application Using SignTool

  • Install Windows SDK: Download and install the Windows Software Development Kit (SDK) to acquire the signtool.exe utility. Skip this step if you already installed this on your system.
  • Locate SignTool: Typically found in C:\Program Files (x86)\Windows Kits\10\bin <version>\x64\signtool.exe.
  • Sign the Executable: Use the command prompt to sign your EXE, DLL files. 
signtool sign /a /tr http://timestamp.sectigo.com /td sha256 /fd sha256 "C:\path\to\your\file.exe"

Step 4: Verify the Signature (Optional but Recommended)

  • Right-click the signed file, select Properties, and click the Digital Signatures tab to verify the certificate details. You will get all the details of the signed certificate.

Concluding Up

By following the above process and having proper credentials and access, within 10-15 minutes, the Windows machine will prepare you for tamper-proofing any executable file using the Sectigo Code Signing Certificate.

Code Signing Tutorials

Cheap Code Signing Certificates

Prevent Code Tampering and Authenticate Code Integrity by Digitally Sign your Code with Trusted Code Signing Certificates.

Starting at Just $215.99/Year

Related posts:

  1. How to Install EV Code Signing Certificate [A Step-by-Step Guide]
  2. How to Install OV Code Signing Certificates [A Step-by-Step Guide]?
  3. How to Renew Your Code Signing Certificate [A Step-by-Step Guide]
  4. Step by Step Guide to Sign an EXE or Windows Application
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.