簡單來說,
先用開始選單裡面的Visual Studio 2022->Developer Command Prompt For VS 2022
就是下面這個指令,
signtool sign /a /tr http://timestamp.sectigo.com /td SHA256 xxx.exe

或者你就是想自己下用哪個憑證, 可以先下這個指令
signtool sign /n "你的姓名"  /i "內政部憑證管理中心" /tr http://timestamp.sectigo.com  /td SHA256  xxx.exe

這時候signtool會抱怨找到多組,
SignTool Error: Multiple certificates were found that meet all the given
        criteria. Use the /a option to allow SignTool to choose the best
        certificate automatically or use the /sha1 option with the hash of the
        desired certificate.
The following certificates meet all given criteria:
    Issued to:
    Issued by:
    Expires:   Sun Dec 31 23:59:59 2222
    SHA1 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

    Issued to:
    Issued by:
    Expires:   Sun Dec 31 23:59:59 2222
    SHA1 hash: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

再copy/past第二組SHA1, 指令改成
signtool sign /n "你的姓名"  /i "內政部憑證管理中心" /tr http://timestamp.sectigo.com  /td SHA256 /sha1 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB  xxx.exe
應該就會出現成功的訊息了.

PS: 2022/07/16 update.
      後來遇到無法簽署位憑證. 查了老半天,
      發現是因為import到舊的內政部憑證管理中心.
      進到 certmgr.msc 把舊的憑證刪掉,
      如果刪錯,可以到下面網址去下載.
      https://moica.nat.gov.tw/save_1.html