Here is a snippet from our build scripts
set signtool=C:\{cert_path}\signtool.exe sign /f C:\{cert_path}\my_code_sign_current.p12 /p ###### /du "http://mycompany.com" /t "http://timestamp.comodoca.com/authenticode"
%signtool% /d "My Application 1.0" "C:\{binn_path}\App.exe"
%signtool% /d "My Other App 2.0" "C:\{binn_path}\Other.exe"
...
We use older version of signtool.exe
(6.0.4002.0) because we had troubles using some timestampimg servers with newer versions (http://www.startssl.com/timestamp).
Note: .pfx and .p12 files -- these are the same PKCS #12 container files, DER encoded