makecert -r -pe -n "CN=Firmenname-rootCA" -ss CA -sr CurrentUser -a sha256 -cy authority -sky signature -sv "D:\cert\MyCA.pvk" "D:\cert\MyCA.cer"

Succeeded

makecert -pe -n "CN=Firmenname-rootCA" -a sha256 -cy end -sky signature -ic "D:\cert\MyCA.cer" -iv "D:\cert\MyCA.pvk" -sv "D:\cert\MySPC.pvk" "D:\cert\MySPC.cer"

Succeeded

::pvk2pfx ist bei mir nicht in PATH, darum das dahinwechseln per cd
cd C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64 

pvk2pfx.exe -pvk "D:\cert\MySPC.pvk" -spc "D:\cert\MySPC.cer" -pfx "D:\cert\MySPC.pfx"

signtool sign /v /f "D:\cert\MySPC.pfx" /t http://timestamp.comodoca.com "D:\cert\Setup.exe"

The following certificate was selected:
    Issued to: Firmenname-rootCA
    Issued by: Firmenname-rootCA
    Expires:  Sun Jan 01 00:59:59 2040
    SHA1 hash: 9A02F7F5BD565E0A4536A70051434F274B8501D5

Done Adding Additional Store
Successfully signed: D:\cert\Setup.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0