I developed a software application and signed a digital version of my installer with an Authenticode certificate from Verisign (now Symantec). I signed the installer (.exe) using the signtool.exe utility that comes with Visual Studio. When I run the installer, now it says the name of my company as a publisher instead of "unknown", which was my goal ... success!
Then I posted the installer file on my website for distribution to my clients. The file is served by an asp: button, which executes the following code when pressed:
Response.ContentType = "application/octet-stream"; Response.AppendHeader("Content-Disposition", "attachment; filename=CP11Full_x86.exe"); Response.TransmitFile(Server.MapPath("~/Software/ContainmentPlanner/Files/CP11Full_x86.exe")); HttpContext.Current.ApplicationInstance.CompleteRequest();
When I download the installer file from my site and run it, the publisher field says "unknown" !!! Then I copied the file directly from my web server to my computer using an FTP client, and the downloaded file received a SIGNATURE (i.e. did not display the publisher: unknown), so apparently the file on the web server is fine. It should be something about the process of downloading a file through a website that breaks or cancels the digital signature. I tried both Firefox and IE and got the same result.
What am I doing wrong? Thanks in advance for your help.
source share