When Visual Installer signs a setup package, it runs an external signer tool. Before you could choose between signcode.exe or signtool.exe, but today it is strongly recommended to use signtool.exe because it is newer, and it is the only one that supports SHA-2.
The signtool.exe tool is installed with Visual Studio and with Windows SDK, and Visual Installer will normally find the newest installed version by itself. But if not, you can select the program file manually in Visual Installer’s editor. If you don’t know where it is located, you can search for “signtool.exe” in Windows Explorer.
Try to choose the newest version of signtool.exe that you can find on your hard drive. If you want to dual sign your setup package (with SHA-1 and SHA-2) you must use the signtool.exe tool version that is shipped with Windows 8.1 SDK or Windows 10 SDK. They are usually located in the following folders:
C:\Program Files (x86)\Windows Kits\8.1\bin\x86
C:\Program Files (x86)\Windows Kits\10\bin\x86
If you don’t have any of these folders on your hard disk, you may have not installed Windows 8.1 SDK or Windows 10 SDK. But these SDK:s can be downloaded for free from Microsoft’s website:
> Windows Software Development Kit (SDK) for Windows 8.1
> Windows Software Development Kit (SDK) for Windows 10