This page describes how to sign your application for Windows.

By code signing your application, you reassure users that they are downloading the legitimate executable of your app and not a malicious imitation. While not mandatory, code signing significantly enhances user trust and confidence in your application.


Getting a code signing certificate

To sign your application, you need to acquire a Code Signing certificate from one of the supported certificate authorities like DigiCert, Sectigo (formerly Comodo), or GoDaddy.

You will get a certificate file (e.g. cert.cer) and a private key (e.g. private.key) from your certificate authority. To sign your application, you need to convert these files to a Personal Information Exchange (PFX) file. You can do it in PowerShell using the following command:

openssl.exe pkcs12 -export -out cert.pfx -inkey private.key -in cert.cer

Important: Remember the export password you enter when prompted. You will need it in the next step.

Molybden configuration

To have Molybden sign your application, you need to set the following properties in molybden.conf.json:

{
  "app": {
    "name": "MyApp",
    "version": {
      "major": "1",
      "minor": "0",
      "patch": "0"
    },
    "author": "",
    "copyright": "",
    "description": "",
    "bundle": {
      "Windows": {
        "icon": "src-cpp/assets/app.ico",
        "certFile": "",
        "certPassword": "",
        "digestAlgorithm": "",
        "timestampServerURL": ""
      }
    }
  }
}

Here is a description of the values to set for these properties:

| Property name | Property value |
| --- | --- |
| certFile | The path to the cert.pfx file you created in the previous step. |
| certPassword | The export password you set for cert.pfx in the previous step. |
| digestAlgorithm | The SHA digest algorithm used for your certificate. This is likely sha256. |
| timestampServerURL | A URL pointing to a timestamp server used to verify the time of signing. It is best to use the timestamp server provided by your certificate authority. |

Signing application

Once you set all the required properties in molybden.conf.json, your application will be signed automatically whenever you run:

npm run molybden build

Congratulations! You have successfully signed your Molybden application!
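
To confirm that the build output is actually signed and timestamped, you can check it with PowerShell's Get-AuthenticodeSignature. This is an added example, not part of the Molybden documentation; the function name Test-AppSignature and the executable path are assumptions, so substitute the path of the .exe produced by your build.

```powershell
# Added example: verify the Authenticode signature of a built executable.
# Test-AppSignature is a hypothetical helper name, not a Molybden command.
function Test-AppSignature {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate
    $problems = @()

    # Status is 'Valid' only when the file hash matches and the chain is trusted.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    if ($null -eq $signer) {
        $problems += 'No signer certificate found (file is unsigned).'
    } else {
        # The signer must carry the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3).
        $eku = $signer.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains '1.3.6.1.5.5.7.3.3') {
            $problems += 'Signer certificate lacks the Code Signing EKU.'
        }
    }

    # Without a timestamp, the signature stops validating once the certificate expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems += 'No timestamp countersignature; check timestampServerURL.'
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Subject     = if ($signer) { $signer.Subject } else { $null }
        Thumbprint  = if ($signer) { $signer.Thumbprint } else { $null }
        NotAfter    = if ($signer) { $signer.NotAfter } else { $null }
        Timestamped = $null -ne $sig.TimeStamperCertificate
        Problems    = $problems
        Passed      = $problems.Count -eq 0
    }
}

# Placeholder path: replace with the executable your build produced.
Test-AppSignature -Path 'C:\path\to\MyApp.exe'
```

Compare the reported Subject and Thumbprint with the certificate issued by your certificate authority before distributing the build.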
