Rip off attempt???
-
Hi All, I have created an installer for my application when its run it comes up with Publisher Unknown. Digging around on MSDN it appears to use a command SignTool, which I tried in a Console/Dos Window it comes back as "'signtool' is not recognized as an internal or external command, operable program or batch file. Or you have typed rubbish. Stack Overflow you need a code signing certificate which is available for $179 a year or $499. Is this right so do I send my flaming box of dog do to MicroSharft now or what? Glenn
-
Hi All, I have created an installer for my application when its run it comes up with Publisher Unknown. Digging around on MSDN it appears to use a command SignTool, which I tried in a Console/Dos Window it comes back as "'signtool' is not recognized as an internal or external command, operable program or batch file. Or you have typed rubbish. Stack Overflow you need a code signing certificate which is available for $179 a year or $499. Is this right so do I send my flaming box of dog do to MicroSharft now or what? Glenn
I believe they provide a free one year cert for upstarts (DreamSpark or some other name).
-
I believe they provide a free one year cert for upstarts (DreamSpark or some other name).
We are not even a software house, just do a bit to interface to hardware. It looks like the Dreamspark thing is for students? :~
-
We are not even a software house, just do a bit to interface to hardware. It looks like the Dreamspark thing is for students? :~
glennPattonWork wrote:
It looks like the Dreamspark thing is for students?
Something else Spark or Dream something. You might be able to get a software cert somewhere else though (you dont have to go via MS, but you still use signtool). Personally, I would not be bothered to even sign an installer. Heck I abandoned the installer all together and used created a ZIP file ;p
-
glennPattonWork wrote:
It looks like the Dreamspark thing is for students?
Something else Spark or Dream something. You might be able to get a software cert somewhere else though (you dont have to go via MS, but you still use signtool). Personally, I would not be bothered to even sign an installer. Heck I abandoned the installer all together and used created a ZIP file ;p
But the client wants an MSI 'done properly' to avoid any problems :|
-
But the client wants an MSI 'done properly' to avoid any problems :|
A valid cert from anywhere will be proper. As long as it can validate with the CA root, it is exactly the same.
-
A valid cert from anywhere will be proper. As long as it can validate with the CA root, it is exactly the same.
Hang on I might have found something on Intel.....
-
Hang on I might have found something on Intel.....
Comodo? Prepare to jump through hoops.
I was brought up to respect my elders. I don't respect many people nowadays.
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier -
Comodo? Prepare to jump through hoops.
I was brought up to respect my elders. I don't respect many people nowadays.
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easierJust read it all the comments at the bottom basically say that. I mean that is the last thing I think in this project...(I hope!)
-
Hang on I might have found something on Intel.....
-
Comodo? Prepare to jump through hoops.
I was brought up to respect my elders. I don't respect many people nowadays.
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier -
I went with GlobalSign, ~100ukp, so much more painless experience than Comondo or whatever they were called).
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
It's just that it seems a bit off you or the company buy VS2008 use it on XP for years no problem have to upgrade to Win7 (due to dead PC) find this!:mad:
-
Hi All, I have created an installer for my application when its run it comes up with Publisher Unknown. Digging around on MSDN it appears to use a command SignTool, which I tried in a Console/Dos Window it comes back as "'signtool' is not recognized as an internal or external command, operable program or batch file. Or you have typed rubbish. Stack Overflow you need a code signing certificate which is available for $179 a year or $499. Is this right so do I send my flaming box of dog do to MicroSharft now or what? Glenn
I think the situaton with Apple phones is even worse.
-
It's just that it seems a bit off you or the company buy VS2008 use it on XP for years no problem have to upgrade to Win7 (due to dead PC) find this!:mad:
-
Hi All, I have created an installer for my application when its run it comes up with Publisher Unknown. Digging around on MSDN it appears to use a command SignTool, which I tried in a Console/Dos Window it comes back as "'signtool' is not recognized as an internal or external command, operable program or batch file. Or you have typed rubbish. Stack Overflow you need a code signing certificate which is available for $179 a year or $499. Is this right so do I send my flaming box of dog do to MicroSharft now or what? Glenn
Did you not try doing a
cd
to the EXE's directory and then running it again?
.-. |o,o| ,| \_\\=/\_ .-""-. ||/\_/\_\\\_\\ /\[\] \_ \_\\ |\_/|(\_)|\\\\ \_|\_o\_LII|\_ \\.\_./// / | ==== | \\ |\\\_/|"\` |\_| ==== |\_| |\_|\_| ||" || || |-|-| ||LI o || |\_|\_| ||'----'|| /\_/ \\\_\\ /\_\_| |\_\_\\ -
Hi All, I have created an installer for my application when its run it comes up with Publisher Unknown. Digging around on MSDN it appears to use a command SignTool, which I tried in a Console/Dos Window it comes back as "'signtool' is not recognized as an internal or external command, operable program or batch file. Or you have typed rubbish. Stack Overflow you need a code signing certificate which is available for $179 a year or $499. Is this right so do I send my flaming box of dog do to MicroSharft now or what? Glenn
signtool is part of the platform SDK. You can use it to "self-sign" your executables, mainly to test the signing process (and dependent processes). You usually pay for a certificate needed to sign the executable. When you sign your binaries, your customers know they got exactly the executable you signed. It does not make a guarantee about the quality or validity of your work. Tampering with the executable voids the signature. For unsigned executables, "trust rating" (which determines whether your users are warned about it being "potentially unsafe") is accumulated only for that one binary. for a signed executable, trust rating is accumulated over all binaries from the same publisher (i.e. you). In addition, your customers can schoose to "always trust" your files. Group policy allows various restrictions based on the signature status of binaries - the most common is requiring device drivers to be signed.
It's not exactly wrong to call the verification process a moneymaking scheme. It usually consists of you faxing personal and business details to the Certificate Authority (CA), and they calling you back for a check of those facts. The only other job they have is to keep their root certificates safe. The process is usually described as "chain of trust", though it's more a chain of finger pointing. Microsoft issues root certificate to CA's and preinstalls those (the public key, to be specific) with windows. This is the only place where actual trust happens: Microsoft trusts the CA's that they keep their private keys safe, and don't let you register a company name like "Mircosoft" or "This Is Google, Dude, Trust Me" that might mislead end users of your identity. CA's use their certificate to issue a certificate to you. You use the certificate to sign the executable. This could actually go on much deeper. The reverse is the fingerpointing: - "This exe is what glennPattonWork created if this certificate is valid" - "This certificate is valid if it's not expired, wasn't revoked, and the certificate it was created with is valid" - "This certificate is a root certificate, so Microsoft trusts those guys". Certificates can be limited in purpose, usually those allowing you to sign a kernel driver are more expensive and require more effort.
-
But the client wants an MSI 'done properly' to avoid any problems :|
Then renegotiate the contract to add a line item to buy a Security Theater Certificate for the installer. :rolleyes:
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
But the client wants an MSI 'done properly' to avoid any problems :|
-
glennPattonWork wrote:
But the client wants an MSI 'done properly' to avoid any problems
Then it is a commercial venture and someone should just pay for it.
Yeah, but they won't pay :rolleyes:
-
Did you not try doing a
cd
to the EXE's directory and then running it again?
.-. |o,o| ,| \_\\=/\_ .-""-. ||/\_/\_\\\_\\ /\[\] \_ \_\\ |\_/|(\_)|\\\\ \_|\_o\_LII|\_ \\.\_./// / | ==== | \\ |\\\_/|"\` |\_| ==== |\_| |\_|\_| ||" || || |-|-| ||LI o || |\_|\_| ||'----'|| /\_/ \\\_\\ /\_\_| |\_\_\\Sadly yes! :sigh: