Note: signtool cannot authenticode-sign PDFs in a way Adobe Reader recognizes as a PDF digital signature. It can attach an Authenticode signature to the file, but this is not a standards-compliant PDF signature. This is acceptable only if you explicitly need Authenticode (e.g., integrity checks), not Adobe-style signing.
Download and install latest stable Windows SDK for your windows version (usually Windows 11 x64) and . This includes signtool.exe.
https://learn.microsoft.com/en-us/windows/apps/windows-sdk/
Open Command Prompt (press Win+R, type cmd.exe and press Enter).
Locate and test signtool.exe (adjust Windows and SDK version if needed):
cd C:\Program Files (x86)\Windows Kits\11\bin\10.0.22621.0\x64\
signtool.exe
Test that signtool works by signing a single file:
- replace
C:\certpath\certname.p12with path to your certificate - replace
YourPasswordwith your password - replace
C:\pdfs\file.pdfwith the path to the file to sign
Copy this command (with values replaced) into Command Prompt and run it:
signtool sign /f C:\certpath\certname.p12 ^
/p YourPassword ^
/fd SHA256 ^
/tr http://timestamp.digicert.com ^
/td SHA256 ^
C:\pdfs\file.pdf
Replace values as above, and run this command:
for %f in ("C:\pdfs\*.pdf") do signtool sign ^
/f "C:\certpath\certname.p12" ^
/p YourPPassword ^
/fd SHA256 ^
/tr http://timestamp.digicert.com ^
/td SHA256 ^
"%f"