diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 533cbfc..9ff28f4 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -228,6 +228,7 @@ if (WIN32)
     if (NOT SIGNTOOL)
         message(FATAL_ERROR "Unable to locate signtool.exe used for code signing")
     endif()
+    add_definitions(-DSIGNTOOL="${SIGNTOOL}")
 
     add_custom_command(TARGET ${PROJECT_NAME}
         POST_BUILD
diff --git a/src/windows/rpi-imager.nsi.in b/src/windows/rpi-imager.nsi.in
index d8f6985..4f8a066 100644
--- a/src/windows/rpi-imager.nsi.in
+++ b/src/windows/rpi-imager.nsi.in
@@ -63,13 +63,13 @@ InstallDir "$PROGRAMFILES\Raspberry Pi Imager"
   ; That will have written an uninstaller binary for us.  Now we sign it with your
   ; favorite code signing tool.
  
-  !system '"c:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a "$%TEMP%\uninstall.exe"' = 0
+  !system '"@SIGNTOOL@" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a "$%TEMP%\uninstall.exe"' = 0
  
   ; Good.  Now we can carry on writing the real installer.
  
   OutFile "${INSTALLER_NAME}"
   SetCompressor /SOLID lzma
-  !finalize '"c:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a "%1"'
+  !finalize '"@SIGNTOOL@" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a "%1"'
 !endif
 
 ###