如何获得受信任/经过验证的发布者? [英] How to get a trusted/verified publisher?
问题描述
当我以管理权限启动我的应用程序(右键单击 EXE | 以管理员身份运行)时,会出现带有橙色或黄色横幅的 UAC 对话框,并带有发布者未知的警告.我不想购买证书,而是想以不同的方式进行.我认为必须有可能在没有购买证书的情况下实现这一目标.基本上,我想要启动时的外观,例如具有管理权限的 calc.exe(Windows 中的计算器).我有哪些选择或替代方案?
When I start my application with administrative permissions (right click on the EXE | Run as administrator), the UAC dialog with an orange or yellow banner appears with the warning that the publisher is unknown. Instead of purchase a certificate, I would like to do it differently. I think there must be possibilities to accomplish that without a purchased certificate. Basically, I want the look and feel when I start, for example, the calc.exe (Calculator in Windows) with administrative permissions. Which options or alternatives do I have?
推荐答案
无!
要知道发布者,您的应用程序必须具有数字签名,并且用于签名的证书必须是可信的.实现它的唯一可能是从知名证书颁发机构购买数字证书.
For the publisher to be known, you application must have a digital signature and the certificate used to sign it must be trusted. The only possibility to achieve it is to buy a digital certificate from a well-known certificate authority.
数字签名还应包含时间戳.即使证书过期,它也会让您的应用程序受到信任.如果数字签名上没有时间戳,证书过期后应用程序将再次变得不受信任.
The digital signature should also contain timestamp. It will keep your application trusted even when the certificate expires. If there's no timestamp on the digital signature, the application will become untrusted again as soon as the certificate expires.
您可以创建自签名数字证书并使用它为您的应用程序签名.但它不会被信任.有一个解决方法:如果用户将此证书安装到 Trusted Root Certificate Authorities 或 Trusted Publishers 中,那么只有这样您的应用程序才会变得受信任,并且 UAC 提示符将改为蓝色背景黄色的.但它要求用户明确表示对您的数字证书的信任.
You can create a self-signed digital certificate and sign your application with it. But it won't be trusted. There's a workaround: if users install this certificate into Trusted Root Certificate Authorities or Trusted Publishers, then and only then your application will become trusted, and UAC prompt would have blue background instead of yellow. But it requires users to explicitly express trust to your digital certificate.
因此,唯一不需要用户采取任何步骤的解决方案就是购买数字证书.
So the only solution that requires no steps from the users is to buy a digital certificate.
这篇关于如何获得受信任/经过验证的发布者?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
