diff --git a/electron_app/riot.im/env.sh b/electron_app/riot.im/env.sh
index 79cb6e4e83..0ee810521d 100644
--- a/electron_app/riot.im/env.sh
+++ b/electron_app/riot.im/env.sh
@@ -1 +1 @@
-export OSSLSIGNCODE_SIGNARGS='-pkcs11module /Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib -pkcs11engine /usr/local/lib/engines/engine_pkcs11.so -certs electron_app/riot.im/New_Vector_Ltd.pem -key 0a3271cbc1ec0fd8afb37f6bbe0cd65ba08d3b4d -t http://timestamp.comodoca.com -h sha256 -verbose'
+export OSSLSIGNCODE_SIGNARGS='-pkcs11module /Library/Frameworks/eToken.framework/Versions/Current/libeToken.dylib -pkcs11engine /usr/local/lib/engines/engine_pkcs11.so -certs electron_app/riot.im/New_Vector_Ltd.pem -key 0a3271cbc1ec0fd8afb37f6bbe0cd65ba08d3b4d -t http://timestamp.comodoca.com -verbose'
diff --git a/scripts/electron-package.sh b/scripts/electron-package.sh
index 7a8a5ca7b7..f92c138745 100755
--- a/scripts/electron-package.sh
+++ b/scripts/electron-package.sh
@@ -131,19 +131,18 @@ pubdir="$projdir/electron_app/pub"
 rm -r "$pubdir" || true
 mkdir -p "$pubdir"
 rm -r "$projdir/electron_app/dist" || true
-mkdir -p "$projdir/electron_app/dist/unsigned/"
+mkdir -p "$projdir/electron_app/dist"
 
 # Install packages: what the user downloads the first time,
 # (DMGs for mac, exe installer for windows)
 mkdir -p "$pubdir/install/macos"
 cp $distdir/*.dmg "$pubdir/install/macos/"
 
-# Windows installers need signing, this comes later
 mkdir -p "$pubdir/install/win32/ia32/"
-mkdir -p "$projdir/electron_app/dist/unsigned/ia32/"
+cp $distdir/squirrel-windows-ia32/*.exe "$pubdir/install/win32/ia32/"
 
 mkdir -p "$pubdir/install/win32/x64/"
-mkdir -p "$projdir/electron_app/dist/unsigned/x64/"
+cp $distdir/squirrel-windows/*.exe "$pubdir/install/win32/x64/"
 
 # Packages for auto-update
 mkdir -p "$pubdir/update/macos"
@@ -165,20 +164,6 @@ cp $distdir/squirrel-windows/RELEASES "$pubdir/update/win32/x64/"
 # longer appears to work).
 cp $distdir/*_amd64.deb "$projdir/electron_app/dist/"
 
-# Now we sign the windows installer executables (as opposed to the main binary which
-# is signed in the electron afteSign hook)
-echo "Signing Windows installers..."
-
-exe32=( "$distdir"/squirrel-windows-ia32/*.exe )
-basename32=`basename "$exe32"`
-osslsigncode sign $OSSLSIGNCODE_SIGNARGS -pass "$token_password" -in "$exe32" -out "$projdir/electron_app/pub/install/win32/ia32/$basename32"
-
-exe64=( "$distdir"/squirrel-windows/*.exe )
-basename64=`basename "$exe64"`
-osslsigncode sign $OSSLSIGNCODE_SIGNARGS -pass "$token_password" -in "$exe64" -out "$projdir/electron_app/pub/install/win32/x64/$basename64"
-
-echo "Installers signed"
-
 rm -rf "$builddir"
 
 echo "$pubdir can now be hosted on your web server."
diff --git a/scripts/electron_winSign.js b/scripts/electron_winSign.js
index 9cd2d3f6a9..d55b852848 100644
--- a/scripts/electron_winSign.js
+++ b/scripts/electron_winSign.js
@@ -36,7 +36,7 @@ exports.default = async function(options) {
             'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe',
         );
         const args = [
-            '-hash', options.hash,
+            '-h', options.hash,
             '-pass', tokenPassphrase,
             '-in', inPath,
             '-out', tmpFile,
@@ -44,11 +44,14 @@ exports.default = async function(options) {
         if (options.isNest) args.push('-nest');
         cmdLine += shellescape(args);
 
+        let signStdout;
         const signproc = exec(cmdLine, {}, (error, stdout) => {
-            console.log(stdout);
+            signStdout = stdout;
         });
         signproc.on('exit', (code) => {
             if (code !== 0) {
+                console.log("Running", cmdLine);
+                console.log(signStdout);
                 console.error("osslsigncode failed with code " + code);
                 reject("osslsigncode failed with code " + code);
                 return;