How to: Digitally Sign the Add-In Package


Updated: October 9, 2012

Applies To: Windows Server 2012 Essentials, Windows Home Server 2011, Windows Storage Server 2008 R2 Essentials, Windows Small Business Server 2011 Essentials

After you create the cabinet file for your add-in by using the procedure listed in How to: Create the Add-In Package, it is recommended that you digitally sign the file for secure installation.

You use the signtool.exe utility to digitally sign your cabinet file. The signtool.exe utility is included in the Windows Software Development Kit (SDK), which is automatically installed when you install Visual Studio. Signtool.exe can be found in %ProgramFiles%\Microsoft SDKs\Windows\v6.0A\Bin. If Visual Studio is not installed, you can download Microsoft Windows SDK for Windows 7 and .NET Framework 4.0 (

To digitally sign the cabinet file

  1. Ensure that you have obtained a digital certificate from a Certification Authority. For more information about digital certificates, see Code Signing (

  2. Open a Command Prompt window, change the directory to where your cabinet file is located, and then run the following command:

    signtool.exe sign /a WSSAddinDeploymentSample.wssx

    WSSAddinDeploymentSample.wssx is the name that was given to the cabinet file in the previous section.

    For more information about using the signtool.exe utility, see Sign Tool (Signtool.exe) (

System_CAPS_ICON_important.jpg Important

If your cabinet file is not signed by a digital certificate, a security warning is displayed before the add-in is installed. This warning specifies that the authenticity of the add-in cannot be verified and that problems can occur if the unsigned software is installed. The add-in can be installed without the digital certificate, but it is not recommended.