diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
index 20b4258a..2ee75209 100644
--- a/.github/workflows/build_and_test.yaml
+++ b/.github/workflows/build_and_test.yaml
@@ -86,6 +86,11 @@ jobs:
                       os: windows-2022
                       artifact: win-ia32
                       executable: "./dist/win-ia32-unpacked/Element.exe"
+                    - name: Windows (x86) MSI
+                      os: windows-2022
+                      artifact: win-ia32
+                      executable: "C:/Program Files (x86)/Element/Element*.exe"
+                      prepare_cmd: "msiexec ./dist/Element*.msi"
                     - name: Windows (x64) Squirrel
                       os: windows-2022
                       artifact: win-x64
@@ -94,7 +99,7 @@ jobs:
                     - name: Windows (x64) MSI
                       os: windows-2022
                       artifact: win-x64
-                      executable: "C:/Program Files*/Element/Element*.exe"
+                      executable: "C:/Program Files/Element/Element*.exe"
                       prepare_cmd: "msiexec ./dist/Element*.msi"
         name: Test ${{ matrix.name }}
         runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
index 1568f50d..7d574442 100644
--- a/.github/workflows/build_windows.yaml
+++ b/.github/workflows/build_windows.yaml
@@ -37,8 +37,8 @@ jobs:
         environment: ${{ inputs.sign && 'packages.element.io' || '' }}
         env:
             SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe"
+            CERTUTIL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/certutil.exe"
             ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.6/SSL.COM-eSigner-CKA_1.0.6.zip
-            SSLCOM_DEV_CRT: https://raw.githubusercontent.com/adrelanos/codesigner-test/refs/heads/main/SSLcom-DEV.crt
             INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
             MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
             DEBUG: "electron-builder,electron-windows-sign"
@@ -175,11 +175,14 @@ jobs:
               run: |
                   yarn electron-builder --publish never -w ${{ steps.config.outputs.build-args }}
 
-            - name: Trust eSigner demo cert
+            - name: Trust eSigner sandbox cert
               if: inputs.sign == ''
               run: |
-                  Invoke-WebRequest -OutFile SSLcom-DEV.crt "$env:SSLCOM_DEV_CRT"
-                  Import-Certificate -CertStoreLocation Cert:\CurrentUser\My -FilePath ./SSLcom-DEV.crt
+                  $cert = (Get-AuthenticodeSignature -FilePath (get-item ./dist/win-*unpacked/*.exe)).SignerCertificate
+                  $chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
+                  $chain.Build($cert)
+                  $chain.ChainElements[2].Certificate | Export-Certificate -Type CERT -FilePath SSLcom-sandbox-root.crt
+                  . "$env:CERTUTIL_PATH" -addstore root ./SSLcom-sandbox-root.crt
               env:
                   INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
                   MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key