diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 581afdb2e..fb11cd1fe 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -40,9 +40,10 @@ jobs:
       run: ./build.sh
     - if: matrix.runs-on == 'windows-latest' && github.ref != 'refs/heads/main' && !contains(github.ref, 'refs/tags/')
       run: ./build.ps1
-    - if: (matrix.runs-on == 'macOS-latest') && (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/'))
+    - if: (matrix.runs-on == 'windows-latest') && (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/'))
       env:
         SignClientSecret: ${{ secrets.SIGNCLIENTSECRET }}
       run: |
-        ./build.sh sign
+        ./remove-sectigo-cert.ps1
+        ./build.ps1 sign
         dotnet nuget push .\artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }}
diff --git a/remove-sectigo-cert.ps1 b/remove-sectigo-cert.ps1
new file mode 100644
index 000000000..fa157ca24
--- /dev/null
+++ b/remove-sectigo-cert.ps1
@@ -0,0 +1,11 @@
+$certThumbprint = "CCBBF9E1485AF63CE47ABF8E9E648C2504FC319D"
+$certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
+$certStore.Open("ReadWrite")
+$cert = $certStore.Certificates | Where-Object { $_.Thumbprint -eq $certThumbprint }
+if ($cert) {
+    $certStore.Remove($cert)
+    Write-Output "Certificate removed successfully."
+} else {
+    Write-Output "Certificate not found."
+}
+$certStore.Close()
\ No newline at end of file