Here are the minimum steps required to self-sign an executable for development and testing:<\/p>\n
makecert -sv mykey.pvk -n \"CN=MyCompany\" -len 2048 mycert.cer -r\npvk2pfx -pvk mykey.pvk -spc mycert.cer -pfx mycert.pfx -po mypassword\n<\/pre>\nNote: You’ll be prompted to create a certificate password and it must match whatever you supply to pvk2pfx<\/tt> with the -po<\/tt> switch.<\/p>\n
To sign an executable, use:<\/p>\n
signtool sign \/f mycert.pfx \/t http:\/\/timestamp.comodoca.com\/authenticode \/v executable.exe\n<\/pre>\nNote: once you have a real code signing certificate, you’ll use whatever timestamp server your provider gives you. Comodo works fine for self-signing testing purposes.<\/p>\n
To automatically sign a binary at build-time in Visual Studio, add go to your Project Settings | Build Events | Post-Build Event, and add something like this to the Command Line setting:<\/p>\n
signtool sign \/f MyCertificatePath\\mycert.pfx \/p mypassword \/t http:\/\/timestamp.comodoca.com\/authenticode \/v $(TargetPath)\n<\/pre>\nExplanation of makecert<\/tt> command:<\/p>\n
-sv Specifies the private key file.<\/p>\n
-n Specifies the certificate name.<\/p>\n
-len Generated key length, in bits. This StackOverflow answer<\/a> indicates that Microsoft released an update blocking certificates with keys under 1024 bits long<\/a>.<\/p>\n
-r Specifies self-signed, i.e. not a root certificate.<\/p>\n","protected":false},"excerpt":{"rendered":"
Here are the minimum steps required to self-sign an executable for development and testing: makecert -sv mykey.pvk -n “CN=MyCompany” -len 2048 mycert.cer -r pvk2pfx -pvk mykey.pvk -spc mycert.cer -pfx mycert.pfx -po mypassword Note: You’ll be prompted to create a certificate … Continue reading