I built an installer with InstallShield. When I double-click to install that software, its publisher is shown as "Unknown". Does anyone know how to make this field show a signed cert? I do have a signed cert from VeriSign.
Answer 1:
Digital Signing
I am outdated on certificates, but how well signing will work largely depends on the nature of your certificate - whether it points to a valid root certificate already present by default on your users' target computers (a self-signed certificate will not be present by default for example - obviously I guess) and what type of certificate it is (see below regarding EV certificate).
In your case the Installshield help file probably provides the information you need to use the certificate you mention. Here is the online version of that help: Installshield 2018: Digital Signing & Security. I believe your VeriSign certificate should work, if it is up to date (I presume SHA256 - Installshield 2015 upwards) and that it is a valid code signing certificate (as opposed to some other type of certificate).
Root Certificates: Microsoft Trusted Root Certificate Program - Portal (2018)
SmartScreen
Beyond signing, we are now (Windows 8 onwards) dealing with "smart screening" (see sample blocking dialog from Windows Defender). A reputation-based system (see the accepted answer in the linked question as well) with setup / application telemetry data determining if your setup is considered safe - in other words a simple, old-school certificate just isn't enough anymore to gain trust. So they tell me :-).
You can apparently use an EV code-signing certificate to "buy trust" (interesting concept - one would have to say) - it is essentially a more expensive certificate with USB hardware token security and a more rigorous vetting process for the buyer (and there are further details): "Programs signed by an EV Code Signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher."
To point out the obvious, the below links are not meant as endorsements:
- Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates
- https://www.digicert.com/code-signing/
- https://www.globalsign.com/en/code-signing-certificate/
- Symantec Extended Validation (EV) Code Signing certificate - Getting Started.
Disclaimer: I am on shaky ground with these issues due to lack of experience, but the provided answer is "best effort" to help get you going. Please do report any important discoveries with comments to the answer or just edit the answer in-situ for the rest of the community (or add your own answer obviously).
Linking Monster: And now, the link-fest. Apologies :-).
Some Further SmartScreen Links For Safekeeping:
- How to avoid the Windows Defender SmartScreen prevented an unrecognized app from starting warning?
- InnoSetup - fails to use global sign EV code signing
- How to pass the smart screen on Win8 when install a signed application?
- How to pass the Windows Defender SmartScreen Protection?
Some Further Certificate Links For Safekeeping:
- How to Add a Digital Certificate to a SingleImage Install Shield Installation Program
- Changing the Timestamp Server for Digital Signatures.
- UAC prompt from unidentified publisher appears when uninstalling MSIs on Windows Vista and Windows Server 2008
- Best practice to sign InstallShield setup and include intermediate certificates
- Odd 'Program name' when installing signed msi installer
- Is it possible to define a Windows Installer-uninstaller filename?
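
One way to check the points the answer above raises (is the setup file signed at all, by a code-signing certificate, chaining to a root trusted on this machine, and timestamped), as an added example that is not part of the original answer. The function name `Test-InstallerSignature` and the `.\setup.exe` path are assumptions; revocation checking is switched off so the check runs offline.

```powershell
# Added example (not from the original answer): inspect the Authenticode
# signature that Windows uses to fill in the "publisher" field.
function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)   # hypothetical path, e.g. .\setup.exe

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    if (-not $cert) {
        # No embedded signature: this is the "Unknown" publisher case.
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Publisher = $null }
    }

    # A code-signing certificate carries the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3).
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    $isCodeSigning = $ekuOids -contains '1.3.6.1.5.5.7.3.3'

    # Build the chain locally to see which root it ends in and whether it is trusted.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check only
    $chainOk = $chain.Build($cert)
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    [pscustomobject]@{
        Path             = $Path
        Status           = $sig.Status                  # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Publisher        = $cert.GetNameInfo($nameType, $false)
        IsCodeSigning    = $isCodeSigning
        CertSignatureAlg = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
        CertNotAfter     = $cert.NotAfter
        ChainTrusted     = $chainOk
        ChainRoot        = $root
        Timestamped      = [bool]$sig.TimeStamperCertificate
    }
}

# Usage: Test-InstallerSignature -Path .\setup.exe | Format-List
```

A `Status` of `Valid` with `IsCodeSigning` and `ChainTrusted` both true is what lets Windows display the publisher name; it says nothing about SmartScreen reputation, which is evaluated separately.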