包签名和数字证书 [英] Package signing , and digital certificate

查看:35
本文介绍了包签名和数字证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用c#创建了一个windows窗体应用程序,该应用程序的输出是.exe,在这个项目的引用中,我添加了这个项目需要的许多dll的引用,它们都是我创建的.但是这些引用dll,其中一些使用第三方 Dll.

我使用 wix 工具集将 .exe 和所有引用的 dll 打包到安装程序项目中.

请注意,.exe 和安装程序没有强名称,也没有使用密钥签名.

我将这个 .msi 结果文件上传到内网服务器,但是当用户通过 google chrome 从内网下载它时,它给出了一个警告信息,如 fig1.

I Created a windows forms application using c# the output of the App is .exe , in the references of this project , I had added a reference of many dlls that this project needs all of them are Created by me.But these referenced dlls , some of them are using third parities Dll.

I packed the .exe and all referenced dll in an installer project using wix Toolset.

Note that the .exe and the installer has no strong names and not signed with key.

I upload this .msi result file into an intranet server , but when users download it from intranet it through google chrome , it gives a warning message like in fig1.Chrome warning

and when the user Double clicks the .msi file after downloading to start installation process , it activates windows smart screen .Smart screen warning

and while running the installer it displays User account control message with yellow banner as in fig3.[windows smart screen warning][3]

I made a lot of invistigations and i had find out that this is because my code is not digitally signed with digital certificate, actually i have no experience on this and i don't know if this is the true reason or what.

And do i need to make my .exe strongly signed by signing the assembly from signing tab of .net , I also have no experience about singing an executable package.

all what i need is that i don't want the user to feel like he is downloading and running something that is not trusted.

if the reason is that the package needs digital certificate , do i have to sgin the assembly with strong name to be able to sign it with digital certificate ?

解决方案

Windows treats all application which are published by verified publisher as non-trusted application. If you want to make your application trusted by windows digitally sign your application.

  1. First buy Code-Signing-Certificate. lets say from Godaddy cheapest available (https://in.godaddy.com/web-security/code-signing-certificate). After buying certificate just follow procedure on godaddy to get your Certificate(.pfx) file.
  2. Install visual studio express
  3. Install InstallShield for generating .exe
  4. You can sign your output with the certificate by using installshield easily. Refer the screenshot for details.

这篇关于包签名和数字证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆