1

I develop a desktop application for use on Windows, and was wondering how I can get my executables signed so they stop showing those horrible looking warning messages about being from an unknown publisher. I am somewhat familiar with signing binaries before releasing them. I have a Linux port of the same program which is distributed though it's own signed repository (apt-get).

The process for signing windows executables seems extremely complicated and I can't find a simple tutorial on what to do, rather thousands of webpages describing only parts of the process, or which go into way too much depth.

I just need a quick list of steps which are necessary to sign executables under windows. I believe it's called "authenticode".

Daisetsu
  • 4,846
  • 11
  • 50
  • 70

1 Answers1

2

Tools see MSFT Introduction to Code Signing

edit: you buy a certificate from a provider - most web registrars sell them.
Then simply sign the executable using the msft tools

see http://www.instantssl.com/code-signing/code-signing-process.html

Martin Beckett
  • 94,801
  • 28
  • 188
  • 263
  • I have seen this link already. It tells me why certificates are needed, and defines a few terms and lists some command line apps. It really doesn't tell me the process of how I need to acquire this 509.X certicate it mentions. Does it need to have special permissions, or can I generate my own wigh GPG? This really doesn't provide a whole ton of info. – Daisetsu Apr 28 '11 at 00:16
  • GPG is a completely different system compared to X.509 certificates - that can not be used. Self-signed X.509 certificates are also not very usable besides on your own PC or corporate environment. You have to buy a code-signing certificate from a Certificate Authority that is included in the Windows certificate store. – Robert May 04 '11 at 15:17
  • @Robert - or from Honest Achmed's store (https://bugzilla.mozilla.org/show_bug.cgi?id=647959) – Martin Beckett May 04 '11 at 15:19
  • Let's see if he manages to convince Microsoft to add his root certificate ;) – Robert May 04 '11 at 15:21