I have made an application for Windows & every time I run the application by opening the executable file I get the "Publisher Unverified" warning in Windows. It is fine if I was the only audience for this app but that's not the case. Is there any way to program my app such that this message does not show up for the users?

+1  A: 

The only way to do this is to obtain and use a code signing certificate from a trusted source. Microsoft calls this Authenticode.

Unfortunately for the little guy, these cost. Verisign sells theirs for about four hundie a year.

Here are some starting points you should read about Authenticode:

http://msdn.microsoft.com/en-us/library/ms537359%28VS.85%29.aspx
http://technet.microsoft.com/en-us/library/cc750035.aspx
http://msdn.microsoft.com/en-us/library/aa379872%28VS.85%29.aspx

Some certificate dealers:

http://www.verisign.com
http://www.thawte.com
http://www.globalsign.net
http://www.geotrust.com

Will
@Will thanks. But I think I might have found an alternative.
Chantz
+1  A: 

For a cheaper code signing certificate, you can use Comodo. There is a reseller called KSoftware which sells their certificates for $99/yr:

http://www.ksoftware.net/code_signing.html

I used them a few years ago and had no problems.

You can then use SignTool from the .net SDK to sign your EXE files. There is a tutorial here:

http://www.tech-pro.net/code-signing-for-developers.html

Alex Warren
@Alex thanks for answering. But I think there is an alternative. We can use OpenSSL to create our own digital signatures.
Chantz
A: 

I think there is a way to resolve this. We need to add a digital signature to the executables. The way to add digital signatures is very nicely outlined at,

Basically we will use OpenSSL to create our own digital signatures and then use the SignTool application by Microsoft to add it to our executable.

Chantz
Though I must add that this still doesn't get rid of the warning completely. A less severe warning/information is still displayed. I think there should be another way of getting rid of this completely.
Chantz
I told you the way--you have to digitally sign your code with a certificate issued by a trusted source. You are not a trusted source, unless you're on your own machine OR the certificate used in signing is added to the certificate store on EVERY machine that the application is run on. This is a whole kind of secure-windows-against-hackers thing so you can't just "get around it."
Will
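
Added example (not part of the original thread): a PowerShell sketch of the point made in the last comment, that a self-signed Authenticode signature is only accepted on machines whose certificate stores contain the signing certificate. The subject name and file names are constructed for illustration, and a one-line script stands in for the EXE so the example runs anywhere; an `.exe` path is passed to the same cmdlets in the same way.

```powershell
# Added example: Authenticode trust is decided by the verifying machine's
# certificate stores, not by the mere presence of a signature.
# Subject name and file names are constructed for illustration.
$ErrorActionPreference = 'Stop'

# Constructed sample file to sign (stand-in for your executable).
$target = Join-Path $env:TEMP 'authenticode-demo.ps1'
Set-Content -Path $target -Value 'Write-Output "hello"'

# 1. Create a self-signed code signing certificate in the user's personal store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Self-Signed Publisher (constructed)' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Sign the file. The signature is well-formed, but no trusted root vouches
#    for the signer, so verification does not report it as valid.
Set-AuthenticodeSignature -FilePath $target -Certificate $cert -HashAlgorithm SHA256 | Out-Null
$before = Get-AuthenticodeSignature -FilePath $target
"Before trusting the certificate: $($before.Status) - $($before.StatusMessage)"

# 3. Trust the certificate on THIS machine only. Every other machine that runs
#    the file would need the same import, which is why a certificate from a
#    publicly trusted CA is the practical route for distributed software.
$cer = Join-Path $env:TEMP 'authenticode-demo.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
# Windows shows a confirmation dialog when a root is added to the user store.
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

$after = Get-AuthenticodeSignature -FilePath $target
"After trusting the certificate:  $($after.Status) - $($after.StatusMessage)"

# 4. Clean up: remove the demo certificate from every store it was placed in,
#    so a throwaway key is not left behind as a trusted root.
foreach ($store in 'My', 'Root', 'TrustedPublisher') {
    Remove-Item -Path "Cert:\CurrentUser\$store\$($cert.Thumbprint)" -ErrorAction SilentlyContinue
}
Remove-Item -Path $target, $cer -ErrorAction SilentlyContinue
```

Comparing the two status lines shows the same signed file being judged differently depending only on the contents of the local trust stores.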