At glance, code signing basically is about to ensure that the executable I got in my computer as a potential user of the application, has not known any kind of code alteration in between. To do that, (since we are talking of windows) windows OS need to be able to make some verification. Firstly it will go look for local certificates (active directory) and then at Microsoft Code Signing certificate store. So the choices are :

• 1. If you are willing to publish your application in the Microsoft Store you'll need a Microsoft Code Signing certificate
• 2. If the application is used internally, you can make your own Self-signed certificate and tell your local win OS about it, see a
     tutorial : https://www.youtube.com/watch?v=zqd80Yp9ZSc
• 3. Otherwise, if you want to publish your app but not necessary by Microsoft Store, there are many of Certificate Authorities that may help.

I may suggest to use option 2 in order to test without betting money as it has been said. Then option 1 or 3 as needed.

FYI, when configuring app installer to allow elevation, windows defender will be okay with that without a certificate.