<p>As mentioned in the other answers, you will first need to purchase a certificate suitable for code signing. This will cost a few hundred dollars, nowhere near a thousand. When I renewed my company's certificate with <a href="http://www.globalsign.com/" rel="noreferrer">Globalsign</a> recently, there was also an investigation to check that the company was legitimate - because I used a mobile number for the registration process, they wanted a letter from the company accountant to verify that we are a real business.</p>
<p>To sign the executable, I use an MSBuild task. Here's an excerpt with the relevant pieces:</p>
<pre><code>&lt;!-- Installer files that need to be signed. --&gt;
&lt;ItemGroup&gt;
  &lt;InstallerSignedFiles Include="$(BuildRoot)path\to\myinstaller.msi"/&gt;
  &lt;InstallerSignedFiles Include="$(BuildRoot)path\to\setup.exe"/&gt;
&lt;/ItemGroup&gt;

&lt;Target Name="ReleasePackaging"&gt;
  &lt;!-- Sign the files we're going to release --&gt;
  &lt;SignTool
      CertificateStoreName="My"
      CertificateSubjectName="MyCompany"
      Description="My application description"
      TimestampServerUrl="http://timestamp.verisign.com/scripts/timstamp.dll"
      TargetFiles="@(InstallerSignedFiles)" /&gt;
&lt;/Target&gt;
</code></pre>
<p>For this to work as above, you will need to install the certificate into your personal certificate store (see <code>CertificateStoreName="My"</code> in the above example). On the Globalsign web site, this installation was an automatic part of the certificate download process. Note: I found that it helps to use Internet Explorer when you download the certificate, as it is integrated with the Windows certificate store. Once it is in the certificate store on the download computer, you can <a href="http://www.tech-pro.net/export-to-pfx.html" rel="noreferrer">export it as a pfx file</a>, transfer it to your build machine, and import it there. If you do export it, I would advise that you protect the exported file with a password in case it falls into the wrong hands.</p>
<p>When you use the SignTool MSBuild task as above, it reads certificates from the personal store ("My") that is associated with the current Windows user account. This means that you can control who can sign code with your certificate, which is a Good Thing. You should only import the certificate into the personal store of developers that you trust.</p>
<p>It's a good idea to use the timestamp server when signing code, so that you don't need to re-sign the code when the certificate expires.</p>
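<p>A post-build check for the signing step described in the answer above, as an added example that is not part of the original answer: it lists the code-signing certificates in the current user's "My" store and confirms that each release file carries a valid, timestamped signature. The file paths and the <code>MyCompany</code> subject are the placeholders from the excerpt; matching the signer by subject substring is an assumption of this example.</p>

```powershell
# Added example (not from the original answer). Paths and subject name are
# the placeholders used in the MSBuild excerpt; adjust them to your build.
param(
    [string[]]$Files = @('path\to\myinstaller.msi', 'path\to\setup.exe'),
    [string]$ExpectedSubject = 'MyCompany'
)

# 1. Show which code-signing certificates this Windows account can sign with.
#    This is the per-user "My" store referenced by CertificateStoreName="My".
Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -like "*$ExpectedSubject*" } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# 2. Verify every file that is about to be released.
$failed = $false
foreach ($file in $Files) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "${file}: file not found"
        $failed = $true
        continue
    }

    $sig = Get-AuthenticodeSignature -FilePath $file
    $problems = @()

    # The signature must chain to a trusted root and match the file contents.
    if ($sig.Status -ne 'Valid') { $problems += "status is $($sig.Status)" }

    # The signer must be the expected certificate (assumption: substring match
    # on the subject; pinning the thumbprint is stricter).
    if (-not $sig.SignerCertificate) {
        $problems += 'no signer certificate'
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
        $problems += "unexpected signer '$($sig.SignerCertificate.Subject)'"
    }

    # Without a timestamp the signature stops validating when the cert expires.
    if (-not $sig.TimeStamperCertificate) { $problems += 'no timestamp' }

    if ($problems.Count -gt 0) {
        Write-Warning "${file}: $($problems -join '; ')"
        $failed = $true
    } else {
        Write-Output "${file}: signed by $($sig.SignerCertificate.Subject), timestamped"
    }
}

# A non-zero exit code lets the build fail when any file is not properly signed.
if ($failed) { exit 1 }
```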
 
