"signature damaged or invalid" download from IE

I received a Certum certificate to sign my C# application. Everything seems to be in order, and I can run the application and also see a valid certificate on it.

But if I upload it to my web page (publishing in Visual Studio or downloading EXE), I cannot download it using Internet Explorer on Windows 7. I always get a message: "Signature is corrupted or invalid." But once it is on the PC, it seems valid. I know in 2013 there was a bug in IE, but it should be resolved.

On Windows 10, SmartScreen also blocks this exe, and I cannot download it. I paid for this certificate to show that my application is safe, and now I have more problems than before :(

I do not know if I can paste the link here in my application.

Edit: I found this document from Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx - It seems like Microsoft with IE (but also Google with Chrome) does not allow you to download signed SHA-1 applications anymore from January 1, because it is not safe enough.

+5
3 answers

OK, now I can say: NO SOLUTION!

At least for the moment (January 2016).

  • All new certificates must have SHA-2 hash on Windows 7 / 8 and Windows 10
  • Certum does not have SHA-2 certificates for the OpenSource option. Since February, the OpenSource certificate from Certum is also available with SHA-2 hash capability!

So, if you want to create an application for Windows XP, you can use the Open Source Sign from Certum. If you want to sign your application for a new OS, you will lose your money only if you purchase a Certum OpenSource certificate!

+3

I had to remove KB3124263 (was installed on the 14th for me) in order to return the functionality :-(

+1

Despite the fact that my code signing certificate had a SHA2 hash, I still got an invalid or damaged signing error when uploading the file to IE / Edge.

Apparently, it is also required that the code signing certificate be issued by the CA with the SHA2 hash.

After contacting Verisign / Symantec support, they directed me to the following guide to reissue my certificate:

This changed my intermediate CA from VeriSign Class 3 Code Signing 2010 CA (SHA1) to Symantec Class 3 SHA256 Code Signing CA (SHA256), and now IE / Edge does not report any errors.

0
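
An added example, not from any of the posts above: a PowerShell check that lists the signature hash algorithm of every certificate in a signed file's chain, which is where a SHA-1 intermediate CA like the one in the last answer would show up. The function name `Get-SignerChainAlgorithm` and its output fields are made up for this illustration.

```powershell
# Added example; function name and output fields are hypothetical.
function Get-SignerChainAlgorithm {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # OIDs of signature algorithms that use SHA-1
    $sha1Oids = @(
        '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
        '1.3.14.3.2.29',         # sha1RSA (legacy OIW identifier)
        '1.2.840.10040.4.3',     # dsa-with-sha1
        '1.2.840.10045.4.1'      # ecdsa-with-SHA1
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        throw "No Authenticode signature on '$Path' (status: $($sig.Status))."
    }

    # Build the chain from the local stores; revocation lookups are skipped
    # so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($sig.SignerCertificate)

    for ($i = 0; $i -lt $chain.ChainElements.Count; $i++) {
        $cert = $chain.ChainElements[$i].Certificate
        # A self-signed root is trusted because it is in the trust store,
        # not because of its own signature, so it is reported but not flagged.
        $isRoot = ($cert.Subject -eq $cert.Issuer)
        [pscustomobject]@{
            Position     = $i                      # 0 = signing certificate
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Algorithm    = $cert.SignatureAlgorithm.FriendlyName
            IsRoot       = $isRoot
            Sha1InChain  = (-not $isRoot) -and
                           ($sha1Oids -contains $cert.SignatureAlgorithm.Value)
        }
    }
}

# Usage (the path is a placeholder):
# Get-SignerChainAlgorithm -Path .\MyApp.exe | Format-Table -AutoSize
```

A row with `Sha1InChain` set to `True` at position 0 is the signing certificate itself; at position 1 or higher it is an issuing CA, the case a certificate reissue addresses.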

Source: https://habr.com/ru/post/1240680/
