I want to sign a static .exe assembly of one of my open source programs so that it is "normal" for a regular Windows user.
I bought an open source signature certificate from certum.eu to be able to do this.
After some searching on the Internet, I tried to sign an exe file using osslsigncode 1.7.1 on my Linux machine with
osslsigncode sign -pkcs12 cert.p12 -pass "..." -h sha2 -t http://timestamp.verisign.com/scripts/timstamp.dll -in some.exe -out some-signed.exe
When checking it on Windows 10, a pop-up warning appears: "Windows protected your computer. Windows SmartScreen prevented an unrecognized application from starting. Running this application may put your PC at risk."
So I tried to use the native signtool.exe tool for Windows to sign it. I installed it on my old virtual Windows XP (where I also compiled the program; I do not have access to any other Windows machine) and signed the exe file with
"C:\Programme\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /f C:\cert.p12 /p "..." /t http:
This tool also said that everything is in order, but nonetheless, the same warning appears.
Thus, the certificate is simply useless, since a "signed" exe file really produces the same warning as an unsigned one. I would really appreciate help on this.
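Added example, not code from the question or from the osslsigncode project: a small Python check that the signed output file really carries an embedded Authenticode certificate table, by walking the PE headers to the Security data directory and reading each WIN_CERTIFICATE entry. The sample image it builds is constructed for the demo (a header-only PE32+ with no sections), and the signature blob it embeds is placeholder bytes, not a real PKCS#7 signature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data directory slot holding the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # Authenticode: PKCS#7 SignedData
WIN_CERT_REVISION_2_0 = 0x0200

def authenticode_entries(pe):
    """Return [(revision, cert_type, blob), ...] for each WIN_CERTIFICATE in the
    PE's Security directory; [] if the image carries no embedded signature."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                       # PE32: NumberOfRvaAndSizes at 92, directories at 96
        n_rva_off, dd_off = 92, 96
    elif magic == 0x20B:                     # PE32+: at 108 and 112
        n_rva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    if struct.unpack_from("<I", pe, opt + n_rva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return []
    # Unlike every other directory, the Security entry holds a raw file offset, not an RVA.
    table_off, table_size = struct.unpack_from("<II", pe, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    entries, pos, end = [], table_off, table_off + table_size
    while table_off and pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE entry at offset %d" % pos)
        entries.append((revision, cert_type, pe[pos + 8:pos + length]))
        pos += (length + 7) & ~7             # entries are padded to 8-byte boundaries
    return entries

def build_sample_pe(blob=None):
    """Constructed minimal PE32+ image (no sections); blob, if given, is embedded as placeholder signature bytes."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                         # NumberOfRvaAndSizes
    table = b""
    if blob is not None:
        entry = struct.pack("<IHH", 8 + len(blob), WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        table = entry + bytes(-len(entry) % 8)
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(dos) + len(coff) + 240, len(table))
    return dos + coff + bytes(opt) + table
```

Finding a WIN_CERTIFICATE entry here corresponds to what both signing tools report as "in order": the file is signed. SmartScreen's warning is decided separately, from the reputation Microsoft has recorded for the file and its publisher, so a valid embedded signature alone does not make it go away.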