Signing a Catalog File with a Commercial Release Certificate

Use the following SignTool command to sign the catalog file of a kernel-mode driver package with a commercial release certificate.

Note For 32-bit versions of Windows Vista and later versions of Windows, only a commercial release certificate can be used to sign kernel-mode drivers to be released on these Windows versions.

SignTool sign /v /s CertificateStore /n CertificateName /t


  • The sign command configures SignTool to sign the catalog file

  • The /v verbose option configures SignTool to print execution and warning messages.

  • The /s CertificateStore option specifies the name of the certificate store that contains the CertificateName certificate. Follow the instructions of the certification authority (CA) that issued the certificate on how to install the certificate in the system certificate stores.

  • The /n CertificateName option specifies the name of the certificate in the CertificateStore certificate store.

  • The /t option supplies the URL to the publicly-available time-stamp server that VeriSign provides.

  • is the name of the catalog file.