Signing a Windows app

Code signing is a security technology that you use to certify that an app was created by you.

Prerequisites
Installing Visual Studio
On Windows, apps are signed using Sign Tool, which is included in Visual Studio. Install Visual Studio to get the signing utility (the free Community Edition is enough).
Acquiring a certificate
You can get a Windows Authenticode code signing certificate from many vendors. Prices vary, so it may be worth your time to shop around. Popular vendors include:
​digicert​
​Sectigo​
Amongst others, please shop around to find one that suits your needs! 😄
Keep your certificate password private
Your certificate password should be a secret. Do not share it publicly or commit it to your source code.
Configuring Electron Forge
On Windows, Electron apps are signed on the installer level at the Make step.
Once you have a Personal Information Exchange (.pfx) file for your certificate, you can sign Squirrel.Windows and MSI installers in Electron Forge with the certificateFile and certificatePassword fields in their respective configuration objects.
For example, if you are creating a Squirrel.Windows installer:
forge.config.js
module.exports = {
  packagerConfig: {},
  makers: [
    {
      name: '@electron-forge/maker-squirrel',
      config: {
        certificateFile: './cert.pfx',
        certificatePassword: process.env.CERTIFICATE_PASSWORD
      }
    }
  ]
}

Guides - Previous

Code Signing

Signing a macOS app

Last modified 4d ago