包签名和数字证书 [英] Package signing , and digital certificate
问题描述
我使用c#创建了一个windows窗体应用程序,该应用程序的输出是.exe,在这个项目的引用中,我添加了这个项目需要的许多dll的引用,它们都是我创建的.但是这些引用dll,其中一些使用第三方 Dll.
我使用 wix 工具集将 .exe 和所有引用的 dll 打包到安装程序项目中.
请注意,.exe 和安装程序没有强名称,也没有使用密钥签名.
我将这个 .msi 结果文件上传到内网服务器,但是当用户通过 google chrome 从内网下载它时,它给出了一个警告信息,如 fig1.
I Created a windows forms application using c# the output of the App is .exe , in the references of this project , I had added a reference of many dlls that this project needs all of them are Created by me.But these referenced dlls , some of them are using third parities Dll.
I packed the .exe and all referenced dll in an installer project using wix Toolset.
Note that the .exe and the installer has no strong names and not signed with key.
I upload this .msi result file into an intranet server , but when users download it from intranet it through google chrome , it gives a warning message like in fig1.Chrome warning
and when the user Double clicks the .msi file after downloading to start installation process , it activates windows smart screen .Smart screen warning
and while running the installer it displays User account control message with yellow banner as in fig3.[windows smart screen warning][3]
I made a lot of invistigations and i had find out that this is because my code is not digitally signed with digital certificate, actually i have no experience on this and i don't know if this is the true reason or what.
And do i need to make my .exe strongly signed by signing the assembly from signing tab of .net , I also have no experience about singing an executable package.
all what i need is that i don't want the user to feel like he is downloading and running something that is not trusted.
if the reason is that the package needs digital certificate , do i have to sgin the assembly with strong name to be able to sign it with digital certificate ?
Windows treats all application which are published by verified publisher as non-trusted application. If you want to make your application trusted by windows digitally sign your application.
- First buy Code-Signing-Certificate. lets say from Godaddy cheapest available (https://in.godaddy.com/web-security/code-signing-certificate). After buying certificate just follow procedure on godaddy to get your Certificate(.pfx) file.
- Install visual studio express
- Install InstallShield for generating .exe
- You can sign your output with the certificate by using installshield easily. Refer the screenshot for details.
这篇关于包签名和数字证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!