Certificates & Signing
Overview
ProjectAchilles supports up to 5 certificates (uploaded + generated combined) for code signing Windows binaries.
Uploading a Certificate
- Navigate to Settings → Certificates
- Click Upload Certificate
- Select a PFX/P12 file
- Enter the certificate password
- Click Upload
Generating a Self-Signed Certificate
- Navigate to Settings → Certificates
- Click Generate Certificate
- Fill in the subject fields (Common Name, Organization, etc.)
- Click Generate
Platform Differences
- Docker/Railway/Render/Fly.io: Uses OpenSSL CLI for generation and
osslsigncodefor signing - Vercel: Uses
node-forge(pure JS) for generation; signing is not available (no osslsigncode)
Active Certificate
One certificate is marked as "active" at a time. The build service uses the active certificate for all Authenticode signing operations.
Click Set Active on any certificate to make it the current signing certificate.
Storage
| Target | Storage Location |
|---|---|
| Docker/PaaS | ~/.projectachilles/certs/cert-<timestamp>/ |
| Vercel | Vercel Blob (certs/ prefix) |
Legacy Migration
If you have flat certificate files (from an older version), they are automatically migrated to the subdirectory structure on first access.