1. Open a Powershell prompt.
  2. Create a new self-signed certificate for Code signing using “New-SelfSignedCertificate -DnsName “yourdomain.com” -Subject “CN=The Name of Your App” -Type CodeSigningCert -CertStoreLocation cert:\CurrentUser\My“. This will create a certificate in the Personal\Certificates folder of the Certificate Manager. You can view this by running “certmgr.msc” from a Run box.
  3. Export the certificate’s public key to an external file for import into the trusted publishers folder of Certificate Manager using “Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0] -FilePath “My Code Signing Cert.cer”. Note the “[0]” brackets after the Get-ChildItem call. This implies that the certificate that you want to export is the first child item found. If you have multiple code signing certificates in your Personal storage you may need to modify this parameter. You can always double-click on the CER file that is exported to see if you’ve gotten the correct certificate.
  4. Import the certificate file that you just exported to the trusted publishers storage using “Import-Certificate -FilePath ‘.\My Code Signing Cert.cer’ -Cert cert:\CurrentUser\Root“. This will trust the certificate on your development workstation.
  5. Finally, sign the executable file using “Set-AuthenticodeSignature .\MyApp.exe -Certificate (Get-ChildItem cert:\CurrentUser\My -CodeSigningCert)[0]”. The same caveat regarding the “[0}” array index applies here. This is the command that I could not locate. I kept using SignTool to sign the executable but it never worked. I’m not sure if it was the trusted publisher problem, or this step. This command specifies Authenticode so I think this may have had the most impact.

After that you should have the executable show up with a certificate when authenticating with Quickbooks.


Note: I got most of the information that I used from this StackOverflow Q&A, particularly the answer from @chaami: