diff --git a/build-release.sh b/build-release.sh
index 416d9a1..bd20550 100755
--- a/build-release.sh
+++ b/build-release.sh
@@ -12,17 +12,17 @@ exec > >(tee -a "out/logs/build-release") 2>&1
 source ./config.sh
 
 can_sign_windows=0
-if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ] && [[ $(type -P "osslsigncode") ]]; then
+if [ ! -z "${WINDOWS_SIGN_NAME}" ] && [ ! -z "${WINDOWS_SIGN_URL}" ] && [[ $(type -P "osslsigncode") ]]; then
   can_sign_windows=1
 else
-  echo "Disabling Windows binary signing as config.sh does not define the required data (SIGN_KEYSTORE, SIGN_PASSWORD), or osslsigncode can't be found in PATH."
+  echo "Disabling Windows binary signing as config.sh does not define the required data (WINDOWS_SIGN_NAME, WINDOWS_SIGN_URL), or osslsigncode can't be found in PATH."
 fi
 
 sign_windows() {
   if [ $can_sign_windows == 0 ]; then
     return
   fi
-  osslsigncode sign -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
+  P11_KIT_SERVER_ADDRESS=unix:path=/run/p11-kit/p11kit.sock osslsigncode sign -pkcs11module /usr/lib64/pkcs11/p11-kit-client.so -pkcs11cert 'pkcs11:model=SimplySign%20C' -key 'pkcs11:model=SimplySign%20C' -t http://time.certum.pl/ -n "${WINDOWS_SIGN_NAME}" -i "${WINDOWS_SIGN_URL}" -in $1 -out $1-signed
   mv $1-signed $1
 }
 
diff --git a/config.sh.in b/config.sh.in
index 8ba7187..1cd1676 100644
--- a/config.sh.in
+++ b/config.sh.in
@@ -52,19 +52,13 @@ export BUILD_NAME='custom_build'
 # Default number of parallel cores for each build.
 export NUM_CORES=16
 
-# Set up your own signing keystore and relevant details below.
+# Set up your own Windows signing details below.
 # If you do not fill all SIGN_* fields, signing will be skipped.
 
-# Path to pkcs12 archive.
-export SIGN_KEYSTORE=''
-
-# Password for the private key.
-export SIGN_PASSWORD=''
-
 # Name and URL of the signed application.
 # Use your own when making a thirdparty build.
-export SIGN_NAME=''
-export SIGN_URL=''
+export WINDOWS_SIGN_NAME=''
+export WINDOWS_SIGN_URL=''
 
 # Hostname or IP address of an OSX host (Needed for signing)
 # eg 'user@10.1.0.10'