diff --git a/packages/electron-builder/src/options/winOptions.ts b/packages/electron-builder/src/options/winOptions.ts
index 9bec210c5d3..671b6713169 100644
--- a/packages/electron-builder/src/options/winOptions.ts
+++ b/packages/electron-builder/src/options/winOptions.ts
@@ -47,6 +47,11 @@ export interface WinBuildOptions extends PlatformSpecificBuildOptions {
    */
   readonly certificateSubjectName?: string
 
+  /**
+  SHA1 of the certificate to sign with.
+   */
+  readonly certificateSHA1?: string
+
   /**
   The URL of the RFC 3161 time stamp server. Defaults to `http://timestamp.comodoca.com/rfc3161`.
    */
diff --git a/packages/electron-builder/src/windowsCodeSign.ts b/packages/electron-builder/src/windowsCodeSign.ts
index 9a3da7f23db..32255e5d4ab 100644
--- a/packages/electron-builder/src/windowsCodeSign.ts
+++ b/packages/electron-builder/src/windowsCodeSign.ts
@@ -90,6 +90,15 @@ async function spawnSign(options: SignOptions, inputPath: string, outputPath: st
     }
   }
 
+  if (options.options.certificateSHA1) {
+    if (isWin) {
+      args.push("/sha1", options.options.certificateSHA1)
+    }
+    else {
+      throw new Error("certificateSHA1 supported only on Windows")
+    }
+  }
+
   if (!isWin || hash !== "sha1") {
     args.push(isWin ? "/fd" : "-h", hash)
     if (isWin && process.env.ELECTRON_BUILDER_OFFLINE !== "true") {