How to include entire certification path when signing code with signtool?
How can I include the entire certification path when signing code using signtool?
Older versions of signtool would include the entire certification path in a digital signature. As it is now, if I sign an executable with signtool:
signtool.exe sign /v /f avatar.pfx -t "http://timestamp.verisign.com/scripts/timstamp.dll" app.exe
the signature is not valid:
This is because there is no certification path:
Binaries signed with the older version of signtool worked fine:
How do I tell signcode to include the entire certification path when signing?
What is the proper way to sign a binary?
Update: SignTool version 6.1.7600.16385:
See also
- How can I sign an ActiveX control with a code signing certificate and be a verified publisher?
- Signing WinForms ClickOnce app with Certificate Chain
- ClickOnce: Certificate cannot be validated
Use /ac and pass the filename of the .cer in which your certificate is rooted (for Verisign it was called MSCV-VSClass3.cer last time I checked when signing kernel code or other special code).
signtool.exe sign /v /f "Avatar.pfx" /ac "Thawte Code Signing CA - G2.cer" -t "http://timestamp.verisign.com/scripts/timstamp.dll" app.exe
This should be given by your CA. Usually MS offers bundles for the various CAs it accepts within Windows.
See:
- Windows root certificate program members
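To check that the certificate passed with /ac actually ended up inside the signature, the following added example (not part of the original answer) reads the PKCS#7 blob out of the PE certificate table and lists the certificates it carries. Get-EmbeddedCert is a hypothetical helper name, and app.exe is the file name from the question.

```powershell
# Added example: list the certificates embedded in a PE file's Authenticode signature.
# Get-EmbeddedCert is a hypothetical helper name; app.exe is the file from the question.
Add-Type -AssemblyName System.Security

function Get-EmbeddedCert {
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)

    # e_lfanew at 0x3C points to the "PE\0\0" signature.
    $pe = [BitConverter]::ToInt32($bytes, 0x3C)
    if ([BitConverter]::ToUInt32($bytes, $pe) -ne 0x00004550) { throw "Not a PE file: $Path" }

    # The optional header follows the 4-byte signature and the 20-byte COFF header.
    $opt   = $pe + 24
    $magic = [BitConverter]::ToUInt16($bytes, $opt)
    # Data directories start at +96 (PE32, 0x10B) or +112 (PE32+, 0x20B).
    $dirs  = if ($magic -eq 0x20B) { $opt + 112 } else { $opt + 96 }

    # Entry 4 is the certificate table; its "address" is a file offset, not an RVA.
    $certOff  = [int][BitConverter]::ToUInt32($bytes, $dirs + 32)
    $certSize = [int][BitConverter]::ToUInt32($bytes, $dirs + 36)
    if ($certSize -eq 0) { throw "No Authenticode signature in $Path" }

    # WIN_CERTIFICATE: dwLength(4) wRevision(2) wCertificateType(2) bCertificate[]
    $len  = [int][BitConverter]::ToUInt32($bytes, $certOff)
    $type = [BitConverter]::ToUInt16($bytes, $certOff + 6)
    if ($type -ne 0x0002) { throw "Unexpected certificate type $type (expected PKCS#7 SignedData)" }

    $pkcs7 = New-Object byte[] ($len - 8)
    [Array]::Copy($bytes, $certOff + 8, $pkcs7, 0, $len - 8)

    # Decode the SignedData and return every certificate stored in it.
    $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
    $cms.Decode($pkcs7)
    $cms.Certificates | Select-Object Subject, Issuer, NotAfter
}

Get-EmbeddedCert -Path .\app.exe | Format-List
```

If only the signing certificate is listed, the intermediate CA certificate was not embedded. Certificates belonging to the timestamp authority may also appear in the output.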