diff --git a/CMakeLists.txt b/CMakeLists.txt
index eac12d5ae7..424fbdc940 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -120,7 +120,7 @@ else()
 endif()
 
 # Use default time server if none defined in environment
-set_from_env(TIMESERVER_URL TIMESERVER_URL "http://sha256timestamp.ws.symantec.com/sha256/timestamp")
+set_from_env(TIMESERVER_URL TIMESERVER_URL "http://timestamp.comodoca.com?td=sha256")
 
 set(HIFI_USE_OPTIMIZED_IK_OPTION OFF)
 set(BUILD_CLIENT_OPTION ON)
diff --git a/cmake/templates/NSIS.template.in b/cmake/templates/NSIS.template.in
index fe0d95e8b1..f40141be32 100644
--- a/cmake/templates/NSIS.template.in
+++ b/cmake/templates/NSIS.template.in
@@ -199,18 +199,15 @@
 
     !system "$%TEMP%\tempinstaller.exe" = 2
 
-    ; NOTE: We're not code signing right now, so we're going to disable that.
-    ; TODO: Get a code signing certificate so we can re-enable code signing.
-
     ; The Inner invocation has written an uninstaller binary for us.
     ; We need to sign it if it's a production or PR build.
-    ; !if @PRODUCTION_BUILD@ == 1
-    ;   !if @BYPASS_SIGNING@ == 1
-    ;     !warning "BYPASS_SIGNING set - installer will not be signed"
-    ;   !else
-    ;     !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
-    ;   !endif
-    ; !endif
+    !if @PRODUCTION_BUILD@ == 1
+      !if @BYPASS_SIGNING@ == 1
+        !warning "BYPASS_SIGNING set - installer will not be signed"
+      !else
+        !system '"@SIGNTOOL_EXECUTABLE@" sign /fd sha256 /f %HF_PFX_FILE% /p %HF_PFX_PASSPHRASE% /tr http://timestamp.comodoca.com?td=sha256 /td SHA256 $%TEMP%\@UNINSTALLER_NAME@' = 0
+      !endif
+    !endif
 
     ; Good.  Now we can carry on writing the real installer.