you get this file from verisign on any other provider. they usually install the certificate on your machine and you need to export it as pfx to use it with signtool.
Use MMC and add the Certificate snap-in to do it.
You will find a detailed help in your certificate provider site. make sure you've bought a code signing certificate.