1. 首页
  2. 问答
  3. signed/verified .exe给未知发布者

signed/verified .exe给未知发布者

2013-08-01 52 views
1

Visual Basic Express 2008,开发了vb.net数据库应用程序。在Win7 x64 PC上。signed/verified .exe给未知发布者

我更改了构建配置。经理到平台:x86,所以.exe可以在x86和x64机器上运行。最后回答在这里:Setting 32-bit x86 build target in Visual C# 2008 Express Edition?

购买MS Authenticode证书。来自Symantec/Verisign,已获得证书,安装在浏览器中。出口证书。从浏览器到.pfx。在VS属性/签名选项卡中,选中登录组件然后导航到.pfx。

构建后,使用signtool签署的.exe

signtool.exe sign /ac "c:\users\me\desktop\debugv6\winCert.cer" /s MY /t http://timestamp.verisign.com/scripts/timestamp.dll /n "Our Company Inc." /v c:\users\me\desktop\debugv6\db.exe 

The following certificate was selected: 
Issued to: Our Company Inc. 
Issued by: VeriSign Class 3 Code Signing 2010 CA 
Expires: 7/31/2014 6:59:59 PM 
SHA1 hash: xxlongStringxx 

Done Adding Additional Store 

Attempting to sign: c:\users\me\desktop\debugv6\db.exe 
Successfully signed and timestamped: c:\users\me\desktop\debugv6\db.exe 

Number of files successfully Signed: 1 
Number of warnings: 0 
Number of errors: 0

然后使用signtool验证

signtool.exe verify /pa /v c:\users\me\desktop\debugv6\db.exe 

Verifying: c:\users\me\desktop\debugv6\db.exe 
SHA1 hash of file: xxlongStringxx 
Signing Certificate Chain: 
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 
    Expires: 7/16/2036 6:59:59 PM 
    SHA1 hash: xxlongStringxx 

     Issued to: VeriSign Class 3 Code Signing 2010 CA 
     Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 
     Expires: 2/7/2020 6:59:59 PM 
     SHA1 hash: xxlongStringxx 

      Issued to: Our Company Inc. 
      Issued by: VeriSign Class 3 Code Signing 2010 CA 
      Expires: 7/31/2014 6:59:59 PM 
      SHA1 hash: xxlongStringxx 

The signature is timestamped: 7/31/2013 4:18:46 PM 
Timestamp Verified by: 
    Issued to: Thawte Timestamping CA 
    Issued by: Thawte Timestamping CA 
    Expires: 12/31/2020 6:59:59 PM 
    SHA1 hash: xxlongStringxx 

     Issued to: Symantec Time Stamping Services CA - G2 
     Issued by: Thawte Timestamping CA 
     Expires: 12/30/2020 6:59:59 PM 
     SHA1 hash: xxlongStringxx 

      Issued to: Symantec Time Stamping Services Signer - G4 
      Issued by: Symantec Time Stamping Services CA - G2 
      Expires: 12/29/2020 6:59:59 PM 
      SHA1 hash: xxlongStringxx 

Successfully verified: c:\users\me\desktop\debugv6\db.exe 

Number of files successfully Verified: 1 
Number of warnings: 0 
Number of errors: 0

问题

当从WinXP的启动.EXE 32我得到的出版商:我们公司很棒。 但从一些 Win7 x64机器启动时,我得到出版商:未知。

任何人都有这个概率。之前?

谢谢!

来源

2013-08-01 dan

回答

3

简短回答
威瑞信拥有两条用于当前代码签名证书的路径。一个使用G5作为根。另一个(更兼容)使用G5作为中间件。解决方案不仅是添加第二中间体(如您已经这样做),但也是主要中间体:Download

长答案

检查有问题的计算机上的证书存储是否找到您的根(VeriSign G5),例如开始»执行»mmc.exe»菜单文件»添加管理单元»证书(计算机,本地)»添加»可信第三方证书。如果不存在,我知道这五个备选方案:

替代A(有问题的机器上)

  1. 下载“威瑞信3类主要CA - G5”(根)
  2. 在Windows中,它并
    3. 双击
  3. 在其属性的底部,点击“安装证书”

替代B(有问题的机器上)

  1. 下载最新的“更新根证书”(KB931125)的
  2. 需要你通过正版Windows验证
    (安装了几个新的根,包括'VeriSign Class 3 Public PC A-G5')

备选C(在有问题的机器上;仅适用于Windows XP)

  1. 打开Windows更新,网站和
  2. 不要选择快递,但选择自定义
  3. 安装的所有可选更新(安装)“的根证书更新”

用户可能已经关闭了自动根证书更新。在Windows XP中,可以通过开始»控制面板»软件»Windows组件»更新根证书进行控制。或者(在Windows XP,Windows Vista和Windows 7中)通过mmc。exe»菜单文件»添加管理单元»组策略对象(本地)»添加»本地计算机策略»管理模板(可选:菜单»操作»添加模板»添加»系统»打开»关闭»)系统»互联网»互联网»关闭自动根证书更新。

替代d

    作为中级证书,使用 年长“威瑞信3类代码签名CA 2010”
    过期:周三1月1十九时59分59秒2014
    SHA1哈希:14FCF0BB187D563B568EEA5FC888A53D288698D6
    (这中间环节“3级公共主要认证机构'直接没有G5)

替代E

    请参阅简短的答案。 VeriSign对SSL/TLS也是如此。因此,更多详细信息,请看 this explanation …

†实际上有三条路径:G5 CA作为根,G5 CA作为中间路由器,以及旧的2010 CA.作为根的G5 CA是有问题的路径。

示例(根据备选E进行签名)为Adobe Reader(目前为v11.0.0.5)和Apple AirPort Utility(目前为v5.6.1)。顺便说一句,有类似的指南browser plug-inskernel code drivers

来源

2013-10-15 16:34:55

相关问题

 相关问题