# Signing Access Anywhere Windows Tools ##### Last updated on: June 13, 2022 When you create your own Windows Tools installer with the packager the installer will not, by default, be signed. This page explains how to sign the installer. ## Create the installer Instructions for using the packager to create the installer are [[:windows:packager|here]]. ## Obtain your certificates ### Certificates from a supplier If you get your certificates from a commercial supplier, be sure that they are in the PFX format. ### Create your own certificates If you do not have the certificates, you can generate some self signed certificates easily using Powershell: $cert = New-SelfSignedCertificate -DnsName demo.sme.io -Type CodeSigning -CertStoreLocation "cert:\LocalMachine\My" $CertPassword = ConvertTo-SecureString -String "//my_password//" -Force -AsPlainText Export-PfxCertificate -Cert $cert -FilePath "//C:\Users\Administrator\Certs\cert.pfx//" -Password $CertPassword Substitute your own values for the values in //italics//. The result will be a PFX file in the location you specified. ## Install signtool You will be using 'signtool' to sign the tools. Signtool is available from the Windows SDK, which you can get from here: https://developer.microsoft.com/windows/downloads/windows-10-sdk/ ## Sign the tools Once signtool is installed you will need to open a DOS prompt and move to the directory containing signtool. You may find it here: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86 (depending on when you install this, the version number there may be slightly different) You can then execute signtool using the following: signtool.exe sign /f //C:\Users\Administrator\Certs\cert.pfx// /t http://timestamp.digicert.com /p //my_password// /fd SHA256 "//C:\Users\Administrator\Downloads\Test4 Testing Tools.22.5.25.0.exe//" In this example above, replace the values in //italics// with the path to your PFX, your password to your certificates, and the path to your generated installer respectively. If this is successful then the EXE will now be signed. You can check this by right clicking on the EXE, and inspecting its properties: {{ :windows::packager:signing:signed-installer-properties.jpg?400 |}}.