diff --git a/electron-builder.yml b/electron-builder.yml
index 070f4b6f..f438bc7c 100644
--- a/electron-builder.yml
+++ b/electron-builder.yml
@@ -13,7 +13,7 @@ asarUnpack:
 win:
   executableName: meraki
   icon: build/icon.png
-  sign: ./sign-win/sign-win.js
+  sign: ./sign-win/sign-win.mjs
 nsis:
   artifactName: ${productName}-${version}-setup.${ext}
   shortcutName: ${productName}
diff --git a/sign-win/sign-win.js b/sign-win/sign-win.mjs
similarity index 73%
rename from sign-win/sign-win.js
rename to sign-win/sign-win.mjs
index f91d5a2f..891996f4 100644
--- a/sign-win/sign-win.js
+++ b/sign-win/sign-win.mjs
@@ -1,5 +1,4 @@
-const util = require('util')
-const exec = util.promisify(require('child_process').exec)
+import { execa } from 'execa'
 
 // This is a callback that can be used to sign the executable on Windows.
 // See: https://www.electron.build/configuration/win
@@ -10,12 +9,13 @@ exports.default = async function (configuration) {
   try {
     console.log('@@ Signing for windows', configuration.path)
     const execPath = configuration.path
-    const { stdout, stderr } = await exec(
-    `smctl sign --fingerprint "${configuration.fingerprint}" --input "${execPath}"`,
-    {
-      stdio: 'inherit'
-    }
-    )
+    const { stdout, stderr } = await execa('smctl', [
+      'sign',
+      '--fingerprint',
+      configuration.fingerprint,
+      '--input',
+      execPath
+    ])
     console.log('@@ stdout', stdout)
     console.log('@@ stderr', stderr)
   } catch (error) {