diff --git a/.github/workflows/desktop.release.reuse.yml b/.github/workflows/desktop.release.reuse.yml
index 00ad4094d..c8c7063b1 100644
--- a/.github/workflows/desktop.release.reuse.yml
+++ b/.github/workflows/desktop.release.reuse.yml
@@ -254,6 +254,9 @@ jobs:
 working-directory: packages/desktop
 steps:
+ - name: Code signing with Software Trust Manager
+ uses: digicert/ssm-code-signing@v1.0.0
+
 - name: Checkout
 uses: actions/checkout@v3
@@ -289,13 +292,21 @@ jobs:
 - name: Set variables
 id: variables
 run: |
+ export DEBUG='electron-builder'
+
 echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
 echo "KEYPAIR_NAME=snkeypair" >> $GITHUB_OUTPUT
 echo "CERTIFICATE_NAME=sncertificate" >> $GITHUB_OUTPUT
+
+ echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
+ echo "::set-output name=KEYPAIR_NAME::snkeypair"
+ echo "::set-output name=CERTIFICATE_NAME::sncertificate"
+
 echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
 echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
 echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
 echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
+
 echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
 echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
 echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH
diff --git a/packages/desktop/package.json b/packages/desktop/package.json
index 8a746c302..a825e1dcf 100644
--- a/packages/desktop/package.json
+++ b/packages/desktop/package.json
@@ -123,7 +123,7 @@
 "certificateSubjectName": "Standard Notes Ltd.",
 "publisherName": "Standard Notes Ltd.",
 "signDlls": true,
- "sign": "scripts/windowsSign.js"
+ "sign": "./scripts/windowsSign.js"
 },
 "nsis": {
 "deleteAppDataOnUninstall": true
diff --git a/packages/desktop/scripts/windowsSign.js b/packages/desktop/scripts/windowsSign.js
index 7a24c914a..51a0c550e 100644
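Review bot: The new step references `digicert/ssm-code-signing@v1.0.0` by a mutable tag, in what appears to be the same job that later places `SM_API_KEY` and `SM_CLIENT_CERT_PASSWORD` in the environment, so a moved tag would change what runs next to the signing credentials. Pinning it to the full commit SHA of the reviewed release, `uses: digicert/ssm-code-signing@<full-commit-sha> # v1.0.0`, keeps the signing toolchain fixed. The same applies to `actions/checkout@v3` in the context line below. The steps list continues outside this hunk.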
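Review bot: `export DEBUG='electron-builder'` in the "Set variables" step lives only in that `run` block's shell, so a later build step will not see it. If the debug output is wanted there, it needs `echo "DEBUG=electron-builder" >> "$GITHUB_ENV"`, and it should be removed once the signing problem is diagnosed, because this job carries `SM_API_KEY` and `SM_CLIENT_CERT_PASSWORD` in its environment and verbose build logs are best kept short around them. The three `::set-output` lines repeat the `$GITHUB_OUTPUT` writes directly above them with the deprecated workflow command and can be dropped. The step may continue past the end of the hunk.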
--- a/packages/desktop/scripts/windowsSign.js
+++ b/packages/desktop/scripts/windowsSign.js
@@ -1,7 +1,10 @@
-exports.default = async function(configuration) {
- if(configuration.path){
- require("child_process").execSync(
- `smctl sign --keypair-alias=snkeypair --input "${String(configuration.path)}"`
- );
+exports.default = async function (configuration) {
+ if (configuration.path) {
+ require('child_process').execSync(
+ `smctl sign --keypair-alias=snkeypair --input "${String(configuration.path)}" --verbose`,
+ {
+ stdio: 'inherit',
+ },
+ )
 }
-};
+}
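Review bot: `configuration.path` is still interpolated into a shell command string in the `execSync` call, and the surrounding double quotes do not stop the shell from interpreting characters such as `"`, `&` or `%` in a file name. Passing the arguments as an array avoids the shell entirely: `require('child_process').execFileSync('smctl', ['sign', '--keypair-alias=snkeypair', '--input', String(configuration.path), '--verbose'], { stdio: 'inherit' })`, assuming `smctl` resolves to an executable on PATH rather than a `.cmd` shim. With `stdio: 'inherit'` and `--verbose` the tool's full output now lands in the CI log, so it is worth confirming that smctl's verbose mode prints no credential material. The keypair alias is hard-coded here while the workflow separately defines `KEYPAIR_NAME=snkeypair`; passing it in rather than duplicating it would keep the two in step.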