DigiCert® Click-to-sign

DigiCert Click-to-sign is a DigiCert® Software Trust Manager client tool that simplifies code signing, using a right-click context menu to sign filers or folders, removing the need for command-line interaction.

Before you begin

Review the following statements:

DigiCert® Click-to-sign relies on Signing Manager Controller (SMCTL) and PKCS#11 library to sign.
These client tools must be stored in the C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\ folder to be used by DigiCert Click-to-sign.
SignTool is not included in the DigiCert-provided Windows client tools package. To learn how to download SignTool, see Download SignTool.

Prerequisites

Windows 10 or Windows 11 operating system
.NET Framework (version 4.7 or higher)
Signing Manager Controller (SMCTL)
PKCS#11 library
DigiCert ONE API key
DigiCert ONE client authentication certificate
Integrated third-party signing tools
Keypair and default certificate
Windows SDK (to use SignTool)
- SignTool is not included in the DigiCert-provided Windows client tools package.
- To learn how to download SignTool, see Download SignTool .
File or folder to be signed

Supported file types

DigiCert Click-to-sign supports the use of any signing tool supported by Signing Manager Controller (SMCTL) and PKCS#11 library, including:

Tabelle 1. File types supported for signing on Windows

Signing tool	File type
Apksigner	.aab
Apksigner	.apk
Jarsigner	.ear
	.jar
	.sar
	.war
Mage	.application
	.manifest
	.vsto
Nuget	.nupkg
Signtool (64-bit)	.appx
	.appxbundle
	.arx
	.cab
	.cat
	.cbx
	.cpl
	.crx (only MS-DOS EXE package format)
	.dbx
	.deploy
	.dll
	.drx
	.efi
	.exe
	.js
	.msi
	.msix
	.msixbundle
	.msm
	.msp
	.ocx
	.psi
	.psm1
	.stl
	.sys
	.vbs
	.vsix
	.vxd
	.wsf
	.xap
	.xsn
Signtool (32-bit)	.doc
	.docm
	.dot
	.dotm
	.mpp
	.mpt
	.pot
	.potm
	.ppa
	.ppam
	.pps
	.ppsm
	.ppt
	.pptm
	.pub
	.vdw*
	.vdx*
	.vsd*
	.vsdm
	.vss*
	.vssm
	.vst*
	.vstm
	.vsx*
	.vtx*
	.wiz*
	.xla
	.xlam
	.xls
	.xlsb
	.xlsm
	.xlt
	.xltm

Download DigiCert Click-to-sign

In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Resources > Client tool repository.
Download DigiCert Click-to-sign Installer.

Install DigiCert Click-to-sign

Run the DigiCert_Click_to_sign.msi application.
In the DigiCert Click-to-sign installation wizard, complete the following:

Beispiel 1. Credentials

DigiCert Click-to-sign client tool needs to integrate with DigiCert ONE REST APIs to validate you and stores your user credentials to expedite future signings.

Select a host environment.

Tabelle 2. Host options

Country	Host type	SM_HOST value
United States of America (USA)	Demo	https://clientauth.demo.one.digicert.com
United States of America (USA)	Production	https://clientauth.one.digicert.com
Switzerland (CH)	Demo	https://clientauth.demo.one.ch.digicert.com
Switzerland (CH)	Production	https://clientauth.one.ch.digicert.com
Japan (JP)	Demo	https://clientauth.demo.one.digicert.co.jp
Japan (JP)	Production	https://clientauth.one.digicert.co.jp
Netherlands (NL)	Demo	https://clientauth.demo.one.nl.digicert.com
Netherlands (NL)	Production	https://clientauth.one.nl.digicert.com

Enter your API key
Provide the path to your client authentication certificate
Enter your client authentication certificate password.
Select Save API key and client certificate password to Windows credential store to avoid having your credentials stored in the environment variables as plain text.

Beispiel 2. Certificate

DigiCert Click-to-sign requires you to choose a certificate to sign with. The default certificate of the keypair you select will automatically be selected.

To select the certificate to sign with:

Select a keypair from the list.
Verify that the default certificate information displayed on the right is correct. If it is not, change the default certificate.
Click Save.

Beispiel 3. Preferences

DigiCert Click-to-sign needs to store your signing preferences so that you simply need to right-click on a file or folder to sign it.

Select a digest algorithm to sign with.
Anmerkung
DigiCert recommends the use of SHA256 because it is the best practice to keep your signatures secure.
Leave this box checked if you want your signature to include a timestamp.
Anmerkung
DigiCert recommends the inclusion of a timestamp because it is a code signing best practice to extend the trust of signed software beyond the validity of the signing certificate.

Set PATH environment variable

Operating systems use the environment variable called PATH to determine where executable files are stored on your system. Use the PATH environment variable to store the file path to your DigiCert ONE Signing Manager Tools to ensure that the DigiCert® Click-to-sign can reference these tools.

You can set the PATH environment variable to DigiCert ONE Signing Manager Tools using command line or environment variables.

To set the path to your signing tools via command line, review the following command:

set PATH=%path%;<Path to DigiCert ONE Signing Manager Tools folder>

Review the following command sample:

set PATH=%path%;C:\Program Files\DigiCert\DigiCert One Signing Manager Tools

To set the path to your signing tools for your system or account:

Search for environment variables in the Windows start menu.
Select Edit environment variables for your account or Edit system environment variables.
Double-click on the Path variable.
Select New.
Select Browse.
Provide the path to DigiCert ONE Signing Manager Tools: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools
Select OK to save the path.
Select OK to close the dialog.

Review and sign

To sign immediately using the default settings you selected during the configuration:

Right-click on the file you want to sign.
Select DigiCert® Click-to-sign > Sign now.

To review the file or folder and the default settings before signing:

Right-click on the file you want to sign.
Select DigiCert® Click-to-sign > Review and sign.
Review the selected file and default settings.
Select Sign.

Change default settings

To update your default user credentials, signing algorithm, timestamp settings, and certificate:

Right-click on the file.
Select DigiCert® Click-to-sign > Settings.
Change your preferences.
Select Save.

Troubleshooting

If signing fails, verify the error in signature logs or system logs.

To verify errors in signature logs:

In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Logs > Signature logs.
Next to the column name, select filter icon, and then select the desired filters to apply.
Select the signing event date.
Review the Description field to identify the reason for the error.

To verify errors in system logs:

Locate the system logs in: C:\Users\<username>\.signingmanager\logs.
Review the logs for errors.

In diesem Abschnitt:

DigiCert​​®​​ Click-to-sign