Please use the latest version of signtool for this process. 'signtool' available in Windows 8.1 SDK or Windows 10 SDK should be good.

1. Download the Sectogp cross-signed CA that matches your Code Signing certificate's Root CA.
2. Open an elevated Windows command prompt (cmd) and run signtool.exe:

signtool.exe sign /v /p <your PFX password> /ac 'CROSS_SIGNED_SECTIGO_CA_HERE' /f YOUR_PFX_HERE /tr http://timestamp.sectigo.com/rfc3161 'FULL_PATH_TO_FILE_TO_SIGN'

Example: signtool.exe sign /v /p <your PFX password> /ac 'addtrustexternalcaroot_kmod.crt' /f my.pfx /tr http://timestamp.sectigo.com/rfc3161 'C:\\myfile.dll'

Note: For most customers CROSS_SIGNED_SECTIGO_CA_HERE can be downloaded from here:

https://crt.sh/?id=162879059

Related Articles:

• Time Stamping Server
• Signing Microsoft Windows 64-bit Kernel-Mode drivers