signtool failing to dual sign SHA2 and SHA1 with timestamps

Question

We need to dual sign our binaries with SHA1 and SHA2 using signtool.exe, our certificate supports 256-bit SHA2.

Using the Windows 8 SDK\'s signtool:

e.g.:

Answer 1

Adding to martin_costello answer, XP and Vista do not support the RFC timestamp. You need to use the /t option for sha1 signatures.

signtool.exe sign /sha1 SHA1_Thumprint /v /d "FileDescription" /du "CompanyURL" /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "FileName.dll"
signtool.exe sign /sha1 SHA256_Thumprint /as /v /d "FileDescription" /du "CompanyURL" /fd sha256 /tr http://timestamp.comodoca.com/rfc3161 /td sha256 "FileName.dll"