I have an application, which I sign and timestamp using a code-signing certificate issued by Thawte, with intermediate authority Thawte code signing CA - G2.
The signature is OK (as it shows in file properties) and you can view the certification chain, so that is all okay.
On most PCs, the user just clicks on the .exe file and it runs, but on Windows 7 with default settings, the "Open File - Security Warning" pops up EVERY TIME. It shows that it is signed, that the publisher is our company, and the user can verify that. This is not what we want. We want the user to double-click the file and go. I added our certificate to the "trusted publishers" in certmgr, and then I added our certificate to the "trusted root certification authorities". I think I tried all combinations that made sense to me. Still I am not getting the desired result.
I used Google a lot and I spent almost 2 days fiddling around with it, with no progress at all. How can I sign another file, send it to the computer, run it the same, convenient way as if it was developed and released by Microsoft or another big company?
I need a general solution for all OSes of the Windows family, Vista and newer.
P.S. I do not want to unblock files, do registry hacks, or security level adjustments. I think I am missing something around where to install the certificates. If needed, please feel free to ask for code or settings, and I will gladly provide them.
You tried to add the cert to the store or you did add the cert to the store? – Ramhound – 2014-08-14T14:40:11.557
I added the cert to the store, but have not tried all options, have not tried Enterprise trust, have not tried all basically, so maybe I just need a hint which store is the correct one. – jmodrak – 2014-08-14T14:42:41.640
Which version of Windows are you running on these "Most PCs" you speak of. Also, can you post a screenshot (or link to one) of the exact message you are seeing? – lzam – 2014-09-18T02:23:25.653
Does the application require administrative permissions? If so, there really isn't anything else you can do if you are seriously wanting to avoid editing User Account Control settings or making users Local Admins short of creating a scheduled task and a shortcut to launch said task – int_541 – 2014-12-13T08:29:29.623