diff --git a/.gitignore b/.gitignore
index 2169c55..24a9dee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ _temp/
 gulp-tsc-tmp-*
 .gulp-tsc-tmp-*
 *.vsix
+*.pfx
 
 node_modules
 typings
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 03db3f6..c70a84f 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -19,6 +19,9 @@
                 "INPUT_FILEALGO": "sha256",
                 "INPUT_FILEPATH": "c:\\temp\\*.dll",
                 "INPUT_RETRYCOUNT": "5",
+                "INPUT_CERTIFICATELOCATION": "computerStore",
+                "INPUT_PFXPATH": "c:\\temp\\code.pfx",
+                //"INPUT_PFXPASSWORD": "passwordhere",
                 "PROCESSOR_ARCHITECTURE": "x64"
             }
         }
diff --git a/Tasks/authenticode-sign/entry.ts b/Tasks/authenticode-sign/entry.ts
index 3e931b5..4bf5b7a 100644
--- a/Tasks/authenticode-sign/entry.ts
+++ b/Tasks/authenticode-sign/entry.ts
@@ -3,15 +3,17 @@ import * as tr from "vsts-task-lib/ToolRunner";
 
 async function run() {
     let signToolLocation: string = getSignToolLocation();
-    let timestampServer: string = tl.getInput("timestampServer", true);
-    let timestampAlgo: string = tl.getInput("timestampAlgo", true);
-    let fileAlgo: string = tl.getInput("fileAlgo", true);
-    let filePath: string = tl.getInput("filePath", true);
     let retryCount: number = Number(tl.getInput("retryCount", true));
 
     let signtool: tr.ToolRunner = new tr.ToolRunner(signToolLocation);
     
-    signtool.arg([ "sign", "/tr", timestampServer, "/td", timestampAlgo, "/fd", fileAlgo, "/a", filePath ]);
+    let signtoolArguments: string[] = ["sign"];
+
+    pushTimestampArgs(signtoolArguments);
+    pushCertArgs(signtoolArguments);
+    pushFileArgs(signtoolArguments);    
+
+    signtool.arg(signtoolArguments);
 
     let i: number = 0;
     
@@ -31,8 +33,55 @@ async function run() {
             }
         }
     }
+}
 
+function pushTimestampArgs(args: string[]) {
+    let timestampServer: string = tl.getInput("timestampServer", true);
+    let timestampAlgo: string = tl.getInput("timestampAlgo", true);
+
+    args.push("/tr", timestampServer, "/td", timestampAlgo);
 }
+
+function pushCertArgs(args: string[]) {
+    let certificateLocation: string = tl.getInput("certificateLocation", true);
+    if (certificateLocation == "computerStore") {
+        return; // Nothing to do.
+    }
+
+    if (certificateLocation == "userStore") {
+        args.push("/sm");
+    }
+
+    if (certificateLocation != "pfxFile") {
+        tl.setResult(tl.TaskResult.Failed, `Unknown cert location: ${certificateLocation}`);
+    }
+
+    let pfxLocation: string = tl.getPathInput("pfxPath", true);
+    if (pfxLocation == null || pfxLocation == '') {
+        let error: string = "Pfx Location not set.";
+        tl.setResult(tl.TaskResult.Failed, error);
+        throw error;
+    }
+
+    tl.checkPath(pfxLocation, "pfxfile");
+
+    let pfxPassword: string = tl.getInput("pfxPassword");
+    if (pfxPassword == null || pfxPassword == '') {
+        let error: string = "Pfx Password not set.";
+        tl.setResult(tl.TaskResult.Failed, error);
+        throw error;
+    }
+
+    args.push("/f", pfxLocation, "/p", pfxPassword);
+}
+
+function pushFileArgs(args: string[]) {
+    let fileAlgo: string = tl.getInput("fileAlgo", true);
+    let filePath: string = tl.getInput("filePath", true);
+
+    args.push("/fd", fileAlgo, "/a", filePath);
+}
+
 function getSignToolLocation(): string {
     let toolLocation: string = tl.getInput("toolLocation", false);
     if (toolLocation != null && toolLocation != "") {
diff --git a/Tasks/authenticode-sign/task.json b/Tasks/authenticode-sign/task.json
index 2fc01dc..4c2867a 100644
--- a/Tasks/authenticode-sign/task.json
+++ b/Tasks/authenticode-sign/task.json
@@ -96,7 +96,7 @@
         },
         {
             "name": "pfxFile",
-            "type": "string",
+            "type": "filePath",
             "label": "Pfx File",
             "defaultValue": "",
             "required": true,