Self-sign your compiled executable from the commandline

Helpful script writing tricks and HowTo's
User avatar
pervect66
Posts: 27
Joined: 09 Jun 2021, 06:53

Self-sign your compiled executable from the commandline

19 Mar 2022, 05:28

I've been using this procedure for a while now to sign my work-related tool, so Windows Defender will give me a little less grief.

First, create a self-signed certificate from PowerShell:

$cert = New-SelfSignedCertificate -DnsName www.yourwebsitename.com -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
$CertPassword = ConvertTo-SecureString -String "Your_Password" -Force –AsPlainText
Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($cert.Thumbprint)" -FilePath "C:\temp\Your_Cert_Name.pfx" -Password $CertPassword

Replace the bold text by your own preferred values:

Install Windows Linux Subsystem (WSL) in Windows 10/11: open an administrator Command Prompt or Powershell Window, and type: wsl --install

Start wsl, and first update linux from the command line:

sudo apt update
sudo apt upgrade -y


Then install osslsigncode

sudo apt install osslsigncode

Then you can sign your executable from Windows by executing:

wsl -e osslsigncode sign -pkcs12 "/mnt/c/temp/Your_Cert_Name.pfx" -pass "Your_Password" -n "My app name" -i "https://www.yourwebsitename.com" -t "http://timestamp.comodoca.com/authenticode" -in "/mnt/c/temp/MyUnSignedApp.exe" -out "/mnt/c/temp/MySignedApp.exe"
image.png
image.png (57.69 KiB) Viewed 2843 times
image.png
image.png (18.67 KiB) Viewed 2843 times
I use a batch file to first compile to MyUnSignedApp.exe, then run the above command to create the signed .exe.

I borrowed and stole parts from various people, and found other bits on the web.
Thanks to @hasantr for his tutorial, I just replaced the DigiCert part by wsl because I can script that :-D
robodesign
Posts: 941
Joined: 30 Sep 2017, 03:59
Location: Romania
Contact:

Re: Self-sign your compiled executable from the commandline

11 Jul 2022, 17:14

Hello!
This is very good. Thank you very much for this.

Would the signing prevent virus warnings on other systems /PCs?

Can you please link to hasantr tutorial?

Best regards, Marius.
-------------------------
KeyPress OSD v4: GitHub or forum. (presentation video)
Quick Picto Viewer: GitHub or forum.
AHK GDI+ expanded / compilation library (on GitHub)
My home page.

Return to “Tutorials (v1)”

Who is online

Users browsing this forum: No registered users and 40 guests