Wednesday, February 24, 2010

VeriSign Code Signing for Windows executables

It is quite chaotic to sign software with VeriSign's "myprivatekey.pvk" and "mycredentials.spc". At first I tried to follow VeriSign's Code Signing Support document, but it is very much out of date!

After reading "Code Signing with CodeSign" and the forum post "How to sign EXE using signtool with Verisign SPC and PVK on the command line", I found a solution:

1. Create a single .pfx (PKCS #12) file that contains both the private key (from the .pvk) and the certificate (from the .spc):
pvk2pfx -pvk myprivatekey.pvk -spc mycredentials.spc -pfx mypair.pfx

Note that without the -po option the resulting .pfx carries the private key with no password, so treat it as sensitive and keep it off shared disks.

2. Sign the executable with the command below (I am using the BASH shell in Cygwin; the files to sign are passed as script arguments, which "$@" forwards to signtool). /sha1 selects the signing certificate by its thumbprint, /du sets the description URL embedded in the signature, and /t timestamps the signature so it remains valid after the certificate expires:
signtool.exe sign \
  /f mypair.pfx /v \
  /sha1 F.....178 \
  /du http://www.i2align.com /t http://timestamp.verisign.com/scripts/timstamp.dll "$@"

This solution works with Windows SDK 6.1, 7.0a, and 7.0.
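
The following wrapper script is an added example and not the post's own code: it packages the two steps above, adds the input checks a practitioner would want before the private key is touched, and verifies each signature afterwards with signtool verify. It assumes the merged .pfx is protected with a password supplied in PFX_PASSWORD and the certificate thumbprint in THUMBPRINT; the file names and the two URLs are the placeholders from the post.

```shell
#!/bin/sh
# sign-exe.sh: added example, not the post's code. Wraps the two steps above
# (pvk2pfx, then signtool) with the checks the post leaves out. Assumptions:
# the merged .pfx is protected with PFX_PASSWORD, the thumbprint comes from
# THUMBPRINT, and the file names and URLs are the post's placeholders.
set -eu

PVK="${PVK:-myprivatekey.pvk}"
SPC="${SPC:-mycredentials.spc}"
PFX="${PFX:-mypair.pfx}"
PFX_PASSWORD="${PFX_PASSWORD:-}"
THUMBPRINT="${THUMBPRINT:-}"   # SHA-1 thumbprint of the signing certificate
DESC_URL="${DESC_URL:-http://www.i2align.com}"
TSA_URL="${TSA_URL:-http://timestamp.verisign.com/scripts/timstamp.dll}"

# A SHA-1 thumbprint is exactly 40 hex digits. Catch a typo here rather than
# from signtool's "No certificates were found that met all the given criteria".
valid_thumbprint() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Every path given must be an existing, readable file; reports the first that is not.
require_files() {
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            printf 'missing or unreadable: %s\n' "$f" >&2
            return 1
        fi
    done
}

# Step 1: merge .pvk and .spc into one .pfx. -po puts a password on the .pfx so
# the private key is not written to disk unprotected; -f overwrites an old file.
make_pfx() {
    require_files "$PVK" "$SPC"
    [ -n "$PFX_PASSWORD" ] || { echo "set PFX_PASSWORD first" >&2; return 1; }
    pvk2pfx -pvk "$PVK" -spc "$SPC" -pfx "$PFX" -po "$PFX_PASSWORD" -f
}

# Step 2: sign each file given on the command line, then verify the result.
# /p supplies the .pfx password, /t timestamps the signature so it stays valid
# after the certificate expires, and "verify /pa" checks the Authenticode chain.
sign_files() {
    valid_thumbprint "$THUMBPRINT" || { echo "bad thumbprint: '$THUMBPRINT'" >&2; return 1; }
    require_files "$PFX" "$@"
    signtool.exe sign /f "$PFX" /p "$PFX_PASSWORD" /v /sha1 "$THUMBPRINT" \
        /du "$DESC_URL" /t "$TSA_URL" "$@"
    for f in "$@"; do
        signtool.exe verify /pa /v "$f"
    done
}

# Usage: PFX_PASSWORD=... THUMBPRINT=... ./sign-exe.sh app.exe setup.exe
# The .pfx is created on the first run and reused afterwards.
if [ $# -gt 0 ]; then
    [ -r "$PFX" ] || make_pfx
    sign_files "$@"
fi
```

The thumbprint and file checks run before pvk2pfx or signtool is invoked, so a typo fails fast without touching the key; the verify pass at the end is what confirms the timestamp and chain actually ended up in the binary.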