0

Where can I get a certificate to the enterprise where I am working for sign an executable that we distribute? Because now, If the clients download the .exe file from Internet, Windows displays the security warning dialog "unknown publisher" when they execute it.

Futhermore, once I get it, how can I sign the executable on Linux?

Denis Hernandez
  • 21
  • 1
  • 9
  • Same question: https://stackoverflow.com/questions/18287960/signing-windows-application-on-linux-based-distros/29073957#29073957 – EFernandes Nov 14 '17 at 11:36

1 Answers1

0

Mono's signing tools allow to sign an executable on a Linux box.

First convert your .pfx certificate to .pvk and .spc files :

openssl pkcs12 -in authenticode.pfx -nocerts -nodes -out key.pem
openssl rsa -in key.pem -outform PVK -pvk-strong -out authenticode.pvk
openssl pkcs12 -in authenticode.pfx -nokeys -nodes -out cert.pem
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out authenticode.spc

And then sign it :

signcode \
 -spc authenticode.spc \
 -v authenticode.pvk \
 -a sha1 -$ commercial \
 -n My\ Application \
 -i http://www.example.com/ \
 -t http://timestamp.verisign.com/scripts/timstamp.dll \
 -tr 10 \
 application.exe
Alexander
  • 12,424
  • 5
  • 59
  • 76