Tags: wix, installation, sign, bootstrapper

After successfully digitally signing the WiX bootstrapper output, the .exe is not installing


If I try to install without digitally signing the bootstrapper output .exe file, it works fine. But after digital signing, the installer shows an error.

To sign the .exe, I used the code below in the bootstrap.wixproj file, before the closing /Project tag.

    <!-- SignOutput must be present in some PropertyGroup to trigger signing. -->
    <PropertyGroup>
      <SignOutput>true</SignOutput>
    </PropertyGroup>

    <!-- Sign the bundle engine -->
    <Target Name="SignBundleEngine">
      <Exec Command="&quot;C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe&quot; sign /tr http://timestamp.digicert.com /td sha512 /fd sha512 /f &quot;D:\Digital Sign Resorce\CARoot.pfx&quot; /p Test123 /d &quot;My Project Name&quot; &quot;D:\Project\xxx\v3.2.0.0\SetupWiX\bin\Release\SetupWiX.msi&quot;" />
    </Target>

    <!-- Sign the final bundle -->
    <Target Name="SignBundle">
      <Exec Command="&quot;C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe&quot; sign /tr http://timestamp.digicert.com /td sha512 /fd sha512 /f &quot;D:\Digital Sign Resorce\CARoot.pfx&quot; /p Test123 /d &quot;My Project Name&quot; &quot;D:\Project\xxx\v3.2.0.0\Bootstrapper_New\bin\Release\MyApp.exe&quot;" />
    </Target>

Solution

  • This is what works for me. I install the certificate (and only one certificate) in the personal store of my build user service account so that it's auto-selected without a passphrase or access to the PFX file elsewhere. My MSI is already signed in a previous build step.

      <Target Name="SignBundleEngine">
        <!-- First signature (SHA-1 digest), then a SHA-256 signature appended with /as;
             without /as the second signtool call would replace the first signature. -->
        <Exec Command="signtool.exe sign /tr http://timestamp.digicert.com &quot;@(SignBundleEngine)&quot;" />
        <Exec Command="signtool.exe sign /fd SHA256 /tr http://timestamp.digicert.com /td sha256 /as &quot;@(SignBundleEngine)&quot;" />
      </Target>
      <Target Name="SignBundle">
        <Exec Command="signtool.exe sign /tr http://timestamp.digicert.com &quot;@(SignBundle)&quot;" />
        <Exec Command="signtool.exe sign /fd SHA256 /tr http://timestamp.digicert.com /td sha256 /as &quot;@(SignBundle)&quot;" />
      </Target>
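As an added example (not code from the question or the answer above), here is a variant of the two targets that selects the signing certificate from the build account's certificate store by thumbprint instead of embedding a PFX path and password in the project file, signs exactly the items WiX hands to each target (the detached engine, then the reassembled bundle) rather than hardcoded paths, and fails the build if the final bundle does not verify. `SigningCertThumbprint` is an assumed MSBuild property supplied by the build (for example via `/p:SigningCertThumbprint=...`); the timestamp URL is the one used on this page.

```xml
<!-- Added example, not part of the original project.
     SigningCertThumbprint is an assumed property passed in by the build. -->
<PropertyGroup>
  <!-- SignOutput makes the WiX targets call SignBundleEngine and SignBundle. -->
  <SignOutput>true</SignOutput>
</PropertyGroup>

<Target Name="SignBundleEngine">
  <!-- Refuse to continue rather than silently producing an unsigned bundle. -->
  <Error Condition="'$(SigningCertThumbprint)' == ''"
         Text="SigningCertThumbprint is not set; refusing to build an unsigned bundle." />
  <!-- @(SignBundleEngine) is the detached engine WiX passes in: sign that, not the MSI.
       /sha1 picks the certificate by thumbprint from the current user's store, so no
       PFX file or password needs to live in the project or on disk. -->
  <Exec Command="signtool.exe sign /sha1 $(SigningCertThumbprint) /fd sha256 /tr http://timestamp.digicert.com /td sha256 &quot;@(SignBundleEngine)&quot;" />
</Target>

<Target Name="SignBundle">
  <!-- @(SignBundle) is the final bundle .exe with the already signed engine reattached. -->
  <Exec Command="signtool.exe sign /sha1 $(SigningCertThumbprint) /fd sha256 /tr http://timestamp.digicert.com /td sha256 &quot;@(SignBundle)&quot;" />
  <!-- Verify against the default Authenticode policy (/pa); signtool exits non-zero on
       an invalid or missing signature, which makes Exec fail the build. -->
  <Exec Command="signtool.exe verify /pa /v &quot;@(SignBundle)&quot;" />
</Target>
```

This assumes signtool.exe is on the PATH of the build agent; otherwise give its full path as in the question.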