Say we have an Inno Setup installer script, a native C++ Qt file-loading application, and a .NET client application that we load/update each time and which is the main application. We load files via HTTP POST/GET requests.
So how many different certificates would our application need in order to prove to antivirus products that we are indeed a real, non-malicious application, and which part of our application would require which certificates?
One certificate. But each .EXE and .DLL must have its own signature. This probably means you have to sign your build output before it is included in the installer.
The signature states that you (your company) are the author of that particular file, and the certificate proves the signature is not forged.
You will only need to buy one code signing certificate. You should sign both the executable and the installer. Take a look at this as a good description of code signing. After working through many issues myself, I've concluded that the advice in that guide is right. Either a normal code signing cert or a kernel mode cert will be fine. I don't believe an EV certificate will give you value. Unless you are providing a driver or a component that is part of the security or kernel infrastructure, the advice in that guide will be sufficient. If you are signing a driver, you will also need the /integritycheck option. The Microsoft kernel mode code signing walkthrough is a good read to explain how to do code signing. Some of the steps there are more than you need if you are not providing a driver, but they will always be sufficient. Where the walkthrough differs from the first link I provided, trust the first link.
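Both answers describe the same pipeline: sign every .EXE and .DLL in the build output with the one certificate, then have Inno Setup sign the installer (and uninstaller) it produces, and, because the .NET client is re-downloaded each run, check the signature of what came over HTTP before loading it. The script below is an added example written for this page, not code from either answer or from Inno Setup; it assumes signtool.exe (Windows SDK) and ISCC.exe are on PATH, that the certificate sits in the current user's certificate store under the made-up subject name "Example Company Ltd", that the build output is in .\build, and that the timestamp server URL and the .iss path are placeholders you replace with your own.

```powershell
# Added example, not from the original answers. Assumed values: subject name,
# timestamp URL, build directory and installer script path.
param(
    [string]$BuildDir     = ".\build",                       # assumed build output
    [string]$Subject      = "Example Company Ltd",           # assumed cert subject (CN)
    [string]$TimestampUrl = "http://timestamp.digicert.com", # assumed RFC 3161 TSA
    [string]$IssScript    = ".\installer.iss"                # assumed Inno Setup script
)
$ErrorActionPreference = "Stop"

# 1. Sign every EXE and DLL before it is packaged. /fd sha256 selects the file digest,
#    /tr + /td sha256 add an RFC 3161 timestamp so the signature stays valid after the
#    certificate expires, /n picks the certificate from the store by subject name.
$artifacts = Get-ChildItem -Path $BuildDir -Recurse -Include *.exe, *.dll
foreach ($file in $artifacts) {
    & signtool.exe sign /fd sha256 /tr $TimestampUrl /td sha256 /n $Subject $file.FullName
    if ($LASTEXITCODE -ne 0) { throw "signing failed: $($file.FullName)" }
}

# 2. Verify each signature chains to a trusted root under the default Authenticode
#    policy (/pa). A file that fails here would also fail on the user's machine.
foreach ($file in $artifacts) {
    & signtool.exe verify /pa $file.FullName
    if ($LASTEXITCODE -ne 0) { throw "signature check failed: $($file.FullName)" }
}

# 3. Build the installer and let Inno Setup sign Setup.exe and the uninstaller with
#    the same certificate. The .iss script is expected to contain:
#        [Setup]
#        SignTool=mysigntool
#        SignedUninstaller=yes
#    ISCC's /S switch defines "mysigntool"; in the command, Inno Setup replaces $f
#    with the file it is signing and $q with a double quote.
$signCmd = "signtool.exe sign /fd sha256 /tr $TimestampUrl /td sha256 /n `$q$Subject`$q `$f"
& ISCC.exe "/Smysigntool=$signCmd" $IssScript
if ($LASTEXITCODE -ne 0) { throw "ISCC failed" }

# 4. Check used by the loader side: the .NET client is fetched over HTTP on every run,
#    so verify the downloaded file is validly signed by our certificate before loading it.
#    Signing proves origin and integrity, not transport; an attacker on the path can still
#    swap the file, which is exactly what this check catches (and HTTPS should be used too).
function Test-SignedByUs {
    param([string]$Path, [string]$ExpectedSubjectCN)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne "Valid") { return $false }   # unsigned, tampered, or untrusted chain
    $cn = ($sig.SignerCertificate.Subject -split ",\s*" |
           Where-Object { $_ -like "CN=*" } | Select-Object -First 1) -replace "^CN=", ""
    return $cn -eq $ExpectedSubjectCN
}

# Usage on the client after download (path is assumed):
# if (-not (Test-SignedByUs -Path ".\downloads\client.exe" -ExpectedSubjectCN $Subject)) {
#     throw "downloaded client is not signed by us; refusing to load it"
# }
```

Run it from the build machine once the certificate is installed; if signtool reports "No certificates were found that met all the given criteria", the /n subject does not match the certificate's CN. Step 4 is the part the question's HTTP-based update loop needs: Status "Valid" alone is not enough, because any validly signed file from any publisher would pass, so the subject is compared as well.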