tags:

views:

268

answers:

3
Q: 

Get rid of "Publisher Unverified" warnings in Windows for executables

I have made an application for Windows & everytime I run the application by opening the executable file I get the "Publisher Unverified" warning in Windows. It is fine if I was the only audience for this app but thats not the case. Is there any way to program my app such that this message does not show up for the users.

+1  A: 

The only way to do this is to obtain and use a code signing certificate from a trusted source. Microsoft calls this Authenticode.

Unfortunately for the little guy, these cost. Verisign sells theirs for about four hundie a year.

Here are some starting points you should read about Authenticode:

http://msdn.microsoft.com/en-us/library/ms537359%28VS.85%29.aspx
http://technet.microsoft.com/en-us/library/cc750035.aspx
http://msdn.microsoft.com/en-us/library/aa379872%28VS.85%29.aspx

Some certificate dealers:

http://www.verisign.com
http://www.thawte.com
http://www.globalsign.net
http://www.geotrust.com

Will  2009-09-15 15:36:41
@Will thanks. But I think I might have found an alternative.
Chantz  2009-09-15 15:44:29
+1  A: 

For a cheaper code signing certificate, you can use Comodo. There is a reseller called KSoftware which sells their certificates for $99/yr:

http://www.ksoftware.net/code_signing.html

I used them a few years ago and had no problems.

You can then use SignTool from the .net SDK to sign your EXE files. There is a tutorial here:

http://www.tech-pro.net/code-signing-for-developers.html

Alex Warren  2009-09-15 15:46:02
@Alex thanks for answering. But I think there is an alternative. We can use OpenSSL to create our own digital signatures.
Chantz  2009-09-15 15:47:57
A: 

I think there is a way to resolve this. We need to add digital signature to the executables. The way to add digital signatures is very nicely outlined at,

Basically we will use OpenSSL to create our own digital signatures and then use the SignTool application by Microsoft to add it to our executable.

Chantz  2009-09-15 15:46:45
Though I must add that this still doesnt get rid of the warning completely. Less severe warning /information is still displayed. I think there should be anohter way of getting rid of this completely..
Chantz  2009-09-15 19:48:50
I told you the way--you have to digitally sign your code with a certificate issued by a trusted source. You are not a trusted source, unless you're on your own machine OR the certificate used in signing is added to the certificate store on EVERY machine that the application is run on. This is a whole kind of secure-windows-against-hackers thing so you can't just "get around it."
Will  2009-09-15 20:52:48

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)