My head hurts.
I’m too old for this.
And am very grateful for a Millennial coworker who patiently spent several hours with me as we tried to figure out Entra users and external users and roles, meaningless (to normal people) error messages, user interface (when do you select, when do you double-click), and other bits and pieces.
Downloaded the newest signtool and other required goodies (see "Set up signing integrations to use Trusted Signing" on Microsoft Learn).
And finally was able to make a batch file to sign an app.
You’ll note that the code-sign certificate is only valid for 3 days. (Auto-extend, analogous to Let’s Encrypt.) Which makes time-stamp obligatory.
But I have a signed .EXE and no dongle and didn’t have to put in a bunch of tickets to Comodo. So life is good…
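A sketch of what such a batch file can look like, added here as an example and not the author's own script. It shows the timestamp requirement in practice: the signature gets an RFC 3161 timestamp at signing time, and the script fails if verification finds none. The install paths, the metadata.json location and the script name are assumptions.

```bat
@echo off
rem Added example, not the author's batch file.
rem Usage: sign-app.bat path\to\app.exe   (script name is hypothetical)
setlocal

rem Assumed locations; adjust to where signtool and the Trusted Signing
rem client tools were installed on your machine.
set "SIGNTOOL=signtool.exe"
set "DLIB=C:\TrustedSigning\bin\x64\Azure.CodeSigning.Dlib.dll"
set "METADATA=C:\TrustedSigning\metadata.json"

rem metadata.json holds three keys: Endpoint, CodeSigningAccountName and
rem CertificateProfileName, with the values from your own account.

set "TARGET=%~1"
if "%TARGET%"=="" (
    echo Usage: %~nx0 file-to-sign
    exit /b 1
)

rem /tr + /td request an RFC 3161 timestamp. With a certificate that lives
rem only 3 days, the timestamp is what keeps the signature valid after the
rem certificate itself has expired.
"%SIGNTOOL%" sign /v /fd SHA256 ^
    /tr "http://timestamp.acs.microsoft.com" /td SHA256 ^
    /dlib "%DLIB%" /dmdf "%METADATA%" "%TARGET%"
if errorlevel 1 (
    echo Signing failed.
    exit /b 1
)

rem /pa checks against the default Authenticode policy. /tw raises a
rem warning when the signature has no timestamp; signtool returns 2 for
rem warnings, so "errorlevel 1" catches both failures and warnings.
"%SIGNTOOL%" verify /pa /tw /v "%TARGET%"
if errorlevel 1 (
    echo Verification failed or signature is not timestamped.
    exit /b 1
)

echo Signed and timestamped: %TARGET%
endlocal
```

Treating a missing timestamp as a hard failure matters here: an untimestamped binary would verify today and stop verifying once the short-lived certificate expires.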