Windows

This page describes how to sign your application for Windows.

By code signing your application, you reassure users that they are downloading the legitimate executable of your app and not a malicious imitation. While not mandatory, code signing significantly enhances user trust and confidence in your application.

Prerequisites

• Microsoft’s SignTool.
• OpenSSL. If you have Git for Windows installed, then you already have it in C:\Program Files\Git\usr\bin\openssl.exe.

Getting a code signing certificate

To sign your application, you need to acquire a Code Signing certificate from one of the supported certificate authorities like Digicert, Sectigo (formerly Comodo), or Godaddy.

You will get a certificate file (e.g. cert.cer) and a private key (e.g. private.key) from your certificate authority. To sign your application, you need to convert these files to a Personal Information Exchange (PFX) file. You can do it in PowerShell using the following command:

openssl.exe pkcs12 -export -out cert.pfx -inkey private.key -in cert.cer

Important: Don’t forget the export password when prompted, you will need it in the next step.

Molybden configuration

To have Molybden sign your application, you need to set the following properties in molybden.conf.json:

{
  "app": {
    "name": "MyApp",
    "version": {
      "major": "1",
      "minor": "0",
      "patch": "0"
    },
    "author": "",
    "copyright": "",
    "description": "",
    "bundle": {
      "Windows": {
        "icon": "src-cpp/assets/app.ico",
        "certFile": "",
        "certPassword": "",
        "digestAlgorithm": "",
        "timestampServerURL": ""
      },
      ...
    },
    ...
  }
}

Here’s description of what you should set as values for these properties:

Signing application

Once you set all the required properties in molybden.conf.json, your application will be signed automatically whenever you run:

npm run molybden build

Congratulations! You have successfully signed your Molybden application!