(This is an update to my original post on code signing some years ago: viewtopic.php?f=6&t=4739)
I now had to renew my Thawte Code Signing certificate and used my Windows 7 machine to sign up for the new certificate. If you are about to renew or sign up for a Code Signing Certificate I strongly recommend using an XP machine, as Vista or Windows 7 no longer allows exporting the private key and creating a backupable PFX file as indicated in my previous code-signing post - this means that if you lose your private key you have to request a new certificate!
I now renewed my certificate (and paid Thawte the $499 for the certificate) using the following steps:
1) Sign up for the certificate with Thawte using MSIE8
2) Thawte processed the request and issued the certificate after 2 days
3) Log in to Thawte Certificate Center and download your certificate. MSIE will install this automatically into the Registry (on Vista/Win 7)
4) Download the Thawte root certificates from https://www.thawte.com/roots/index.html and install the Code Signing and Timestamping CA certificates
5) As the Microsoft SDK should already be installed, the signtool.exe tool can be used to sign the EXE. You will probably have two certificates on the system (the old certificate is still valid as you renewed before the old one expired - right?) and the "/a" switch will allow signtool.exe to select the "best" certificate, which works for me. The following command is what I use to sign and timestamp:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /n "NAME OF CERTIFICATE" /a /t http://timestamp.verisign.com/scripts/timestamp.dll /v "My Application.exe"
NAME OF CERTIFICATE is usually the name of your organization requesting the certificate. You can find it in mmc using the Certificate snap-in.
Please note that I do not endorse or support Thawte code signing certificates and am not affiliated with Thawte in any way. You should browse the market for alternatives.
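An added example, not part of the original post: with two certificates on the system and "/a" picking one automatically, this PowerShell check lists the matching code-signing certificates and confirms which one actually signed the file and whether the timestamp was applied. It assumes the certificate was installed in the current user's Personal store; the file name and subject text are the placeholders from the post.

```powershell
# Added example, not the original poster's script.
# Assumptions: certificate lives in Cert:\CurrentUser\My; both parameter
# defaults are the placeholders used in the post and must be replaced.
param(
    [string]$File         = '.\My Application.exe',
    [string]$SubjectMatch = 'NAME OF CERTIFICATE'
)

# 1. Code-signing certificates whose subject matches, newest expiry first.
$candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -like "*$SubjectMatch*" } |
    Sort-Object NotAfter -Descending)

if ($candidates.Count -eq 0) {
    Write-Warning "No code-signing certificate matching '$SubjectMatch' in CurrentUser\My."
}
$candidates | Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

# A certificate without its private key on this machine cannot be used to sign.
$candidates | Where-Object { -not $_.HasPrivateKey } | ForEach-Object {
    Write-Warning "No private key available for $($_.Thumbprint)."
}

# 2. Read the Authenticode signature that signtool.exe wrote into the file.
$sig = Get-AuthenticodeSignature -FilePath $File
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    exit 1
}

# 3. Report which certificate was selected and compare it with the newest one.
$signer = $sig.SignerCertificate
Write-Output "Signed by : $($signer.Subject)"
Write-Output "Thumbprint: $($signer.Thumbprint)"
Write-Output "Expires   : $($signer.NotAfter)"
if ($candidates.Count -gt 0 -and $signer.Thumbprint -ne $candidates[0].Thumbprint) {
    Write-Warning "File was signed with a certificate other than the newest match."
}

# 4. Without a timestamp the signature stops validating once the
#    signing certificate expires.
if ($null -eq $sig.TimeStamperCertificate) {
    Write-Warning "No timestamp countersignature found; re-sign with a timestamp URL."
} else {
    Write-Output "Timestamped by: $($sig.TimeStamperCertificate.Subject)"
}
```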