Signing a Windows app

Code signing is a security technology that you use to certify that an app was created by you.


Installing Visual Studio

On Windows, apps are signed using Sign Tool, which is included in Visual Studio. Install Visual Studio to get the signing utility (the free Community Edition is enough).

Acquiring a certificate

You can get a Windows Authenticode code signing certificate from many vendors. Prices vary, so it may be worth your time to shop around. Popular vendors include:
  • digicert
  • Sectigo
  • Amongst others, please shop around to find one that suits your needs! 😄
Keep your certificate password private
Your certificate password should be a secret. Do not share it publicly or commit it to your source code.

Configuring Electron Forge

On Windows, Electron apps are signed on the installer level at the Make step.
Once you have a Personal Information Exchange (.pfx) file for your certificate, you can sign Squirrel.Windows and MSI installers in Electron Forge with the certificateFile and certificatePassword fields in their respective configuration objects.
For example, if you are creating a Squirrel.Windows installer:
module.exports = {
packagerConfig: {},
makers: [
name: '@electron-forge/maker-squirrel',
config: {
certificateFile: './cert.pfx',
certificatePassword: process.env.CERTIFICATE_PASSWORD