diff --git a/.github/SSLcom-sandbox.crt b/.github/SSLcom-sandbox.crt
index 35de9181..84a7d867 100644
Binary files a/.github/SSLcom-sandbox.crt and b/.github/SSLcom-sandbox.crt differ
diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
index 28985634..35f17014 100644
--- a/.github/workflows/build_windows.yaml
+++ b/.github/workflows/build_windows.yaml
@@ -179,19 +179,15 @@ jobs:
               if: inputs.sign == ''
               run: |
                   Set-StrictMode -Version 'Latest'
-                  Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath ./.github/SSLcom-sandbox.crt
-
-            #            - name: Check signature is present
-            #              run: |
-            #                  $sigs = Get-AuthenticodeSignature (get-item ./dist/win-*unpacked/*.exe)
-            #                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)
-            #                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/*.msi)
+                  Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath .github/SSLcom-sandbox.crt
 
             - name: Check app was signed successfully
               run: |
-                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/win-*unpacked/*.exe)
-                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)
-                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/*.msi)
+                  Set-StrictMode -Version 'Latest'
+                  Get-ChildItem `
+                      -Recurse "." `
+                      -Include *.exe, *.msi `
+                  | ForEach-Object -Process {. 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe' verify /pa $_.FullName; if(!$?) { throw }}
 
             - name: Upload Artifacts
               uses: actions/upload-artifact@v4