During the whitelabel build process we code sign all executables (including the setup executable) with either Divinsa's certificate or a certificate the user provides to the whitelabel form. To code sign 3 things are needed:
1. A valid PFX file (PFX_FILE)
2. The corresponding password for PFX file validation (PFX_URL)
3. The URL to vaildate the PFX file and certificate (PFX_PASSWORD)
We use Microsoft's code signing tool as follows:
https://www.godaddy.com/help/signtool-sign-windows-code-with-a-code-signing-certificate-4778?
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe sign /fd SHA256 /f PFX_FILE /tr PFX_URL /td SHA256 /p PFX_PASSWORD EXE_FILE
Anyone can download Microsoft's SDK for free from:
and test the 3 parameters they will provide prior to submitting them for a whitelabel build.
Note the command line above changed, the change is to use SHA256 to work around the security patch Microsoft released which breaks SHA1 code signed executables causing them to appear corrupted, invalid, or for the actual EXE to crash.
The above is enough information for any customer to test their own PFX file first if they think its not working. If they need our assistance with this, we can help for $185/hr with 1 hour minimum charge.