Nitrokey HSM - How to generate CSR on Windows with OpenSSL?

Hi,
the articles here in the forum were really helpful!
We managed to successfully sign our application with the HSM2, using https://github.co/chris2511/xca version 2.3.0 for the CSR creation. We used the guide on the OpenSC wiki https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM to know what to do with pkcs11-tool.exe and sc-hsm-tool.exe. We used OpenSC in version 0.20.0 https://github.com/OpenSC/OpenSC/releases. We got signtool.exe from here: https://developer.microsoft.com/de-de/windows/downloads/windows-10-sdk/.
We first wanted to use OpenSSL on Windows to create the CSR, but this ends up in trouble with the PKCS#11 engine if you use precompiled OpenSSL binaries. It is much easier to use xca. To sign the application successfully we needed to import the certificate using the mmc. For signtool.exe you should add /fd sha256, otherwise it will only use sha1 for signing your binary.

Thanks, the information on this forum saved us so much time 🙂

Cheers,
Carl

1 Like
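
The signing step described in the post, with a check that the binary really carries a SHA-256 file digest, as an added example that is not part of the original post. Assumptions: signtool.exe is on PATH, the certificate imported via mmc is in the CurrentUser\My store, the file path and subject filter are placeholders, and the verbose verify report names the algorithm on its "Hash of file" line.

```powershell
# Added example: sign with SHA-256 and confirm the digest afterwards.
# Placeholders (not from the post): $File and $SubjectFilter.
param(
    [string]$File          = '.\MyApp.exe',          # placeholder path
    [string]$SubjectFilter = 'CN=Example Publisher'  # placeholder subject
)
$ErrorActionPreference = 'Stop'

# Select exactly one unexpired code-signing certificate, so signtool
# cannot silently pick a different one from the store.
$certs = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -like "*$SubjectFilter*" -and $_.NotAfter -gt (Get-Date) })
if ($certs.Count -ne 1) {
    throw "Expected exactly one matching code-signing certificate, found $($certs.Count)."
}
$thumb = $certs[0].Thumbprint

# /sha1 only selects the certificate by thumbprint; it is not the signing digest.
# /fd sha256 sets the file digest; the post notes signtool used SHA-1 without it.
& signtool.exe sign /sha1 $thumb /fd sha256 $File
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE." }

# /pa verifies with the default Authenticode policy; /v prints signature details.
$report = & signtool.exe verify /pa /v $File
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE." }

# Assumption: the verbose report has a "Hash of file (<algorithm>)" line.
$hashLine = $report | Where-Object { $_ -match '^\s*Hash of file' } | Select-Object -First 1
if ($hashLine -notmatch 'sha256') {
    throw "File digest is not SHA-256: $hashLine"
}

# Cross-check with PowerShell's own Authenticode validation.
$sig = Get-AuthenticodeSignature -FilePath $File
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Thumbprint -ne $thumb) {
    throw "Unexpected signature state: $($sig.Status)"
}
"OK: $File signed by $($sig.SignerCertificate.Subject) with a SHA-256 file digest"
```

The script adds no timestamp; a signature without one stops validating when the certificate expires.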