Signed using pfx file. But UAC still prompts for "Unknown publisher"

Question

I signed my installer executable with the pfx file. No error or warning was given during the signing process (I used Signtool.exe in Windows). When I right click the installer executable and select Properties, in the "Digital Signature" tab, my company's name is correctly shown.

But when I run the installer. UAC kicks in shows a warning, the publisher is shown as unknown.

What did I miss?

In the certmgr.msc, the certificate is issued by "Thawte Code Signing CA". But it is only saved to the Personal store. Do I need to import it to the "Trusted Publishers" store? — sean717, May 15 '13 at 20:53

score 4 · Accepted Answer · answered May 22 '13 at 21:13

4

I've solved this issue.

Here is what I did:

Export the "Thawte Code Signing CA" from certmgr.
specify the /ac switch.

My code signing command looks like this

signtool sign /f mykey.pfx /p password /ac ThawteCodeSigning.cert installer.exe

answered May 22 '13 at 21:13

sean717

11,759
20
66
90

score 0 · Answer 2 · answered May 21 '13 at 22:26

You must make sure the intermediate certificates are installed for your code signing certificate. Your issue could be due to missing intermediate certificates. The Code Signing certificate goes into the 'Personal - Certificates' folder in your MMC. The intermediate certificate must be in the 'Intermediate Certification Authority' in your MMC. Please follow the link below to download the intermediate certificate for code signing:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1406

Signed using pfx file. But UAC still prompts for "Unknown publisher"

2 Answers2

Linked