I have been working with Microsoft’s Desktop App Converter a lot recently. Even though there’s an option to autosign the resulting package with the -Sign switch I prefer to sign APPX packages myself using signtool.

The reason is that I can send UWP packages to testers for sideloading without requiring them to import the auto generated certificate (which is different on each (re)build).

However I always forget the exact path to signtool.exe (this comes with the Windows SDK).

The Windows 10 SDK is installed by default in C:\Program Files (x86)\Windows Kits\10.

Signtool.exe will be in the folder<sdkpath>\bin\<version>\<platform>\signtool.exe.

As there are multiple version of Windows 10 there are multiple version of the SDK and you can install those concurrently.

But then I found the PowerShell cmdlet Resolve-Path which “Resolves the wildcard characters in a path, and displays the path contents”.

This does exactly what I need:


Wow, Resolve-Path is a perfect example of the many hidden gems in PowerShell!

So I decided to wrap signtool.exe in a PowerShell cmdlet as PowerShell also makes it easy to locate the correct code signing certificate from the certificate store.

The certificate can either be provided with a parameter but if this is omitted the script will search for code signing certificates in the Personal certificates store.

If multiple code signing certificates are found, the script will ask which one you’d like to use:


The script can be downloaded directly from my Github repo.