Fatal编程技术网
  • ssl/
  • Ssl 使用GoDaddy代码签名证书进行ClickOnce签名

Ssl 使用GoDaddy代码签名证书进行ClickOnce签名

ssl

Ssl 使用GoDaddy代码签名证书进行ClickOnce签名,ssl,clickonce,code-signing-certificate,signtool,Ssl,Clickonce,Code Signing Certificate,Signtool,我们已经从GoDaddy购买了一个代码签名证书,签署了我们的软件,但是当我尝试安装应用程序时,它仍然说“未知发布者”,防病毒和防火墙正在取消安装。从今天起,我已经重新键入了证书,并完成了四次整个过程。我在整个过程中没有任何问题或错误,并使用signtool成功地对setup.exe进行了签名。我做错了什么 我是这样做的: 我为GoDaddy颁发的证书重新设置了密钥,证书中的CSR由我的电脑生成,并根据以下说明选中“使我的私钥可导出”: 我使用GoDaddy CSR测试工具测试我的CSR:-一切

我们已经从GoDaddy购买了一个代码签名证书,签署了我们的软件,但是当我尝试安装应用程序时,它仍然说“未知发布者”,防病毒和防火墙正在取消安装。从今天起,我已经重新键入了证书,并完成了四次整个过程。我在整个过程中没有任何问题或错误,并使用signtool成功地对setup.exe进行了签名。我做错了什么

我是这样做的:

  • 我为GoDaddy颁发的证书重新设置了密钥,证书中的CSR由我的电脑生成,并根据以下说明选中“使我的私钥可导出”:

  • 我使用GoDaddy CSR测试工具测试我的CSR:-一切正常

  • 我将CSR提交给GoDaddy,重新输入我的证书并下载新的.pem和.spc

  • 我使用MMC->certmgr导入.spc文件,并按照以下说明导出.pfx:

  • 在Visual Studio中,我按照以下说明发布未签名的应用程序:

  • 我按照以下说明使用signtool对setup.exe进行签名:

    • 在cmd中,我运行:

    C:\ProgramFiles(x86)\Microsoft SDK\ClickOnce\SignTool>SignTool签名/f C:\Users\plvan\Desktop\cert\key.pfx/p MyStrongPwd/trhttp://tsa.starfieldtech.com /td SHA256 c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe

    命令成功:

    添加附加存储成功完成签名:c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe

    如果我运行“验证”

    C:\ProgramFiles(x86)\Microsoft SDK\ClickOnce\SignTool>SignTool verify/v/pa C:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe

    结果是:

    Verifying: c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 90941E5E4178D58CCAC2FA750C861F63440B90A7

Signing Certificate Chain:
Issued to: Starfield Root Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires:   Thu Dec 31 16:59:59 2037
SHA1 hash: B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E

    Issued to: Starfield Secure Certificate Authority - G2
    Issued by: Starfield Root Certificate Authority - G2
    Expires:   Sat May 03 00:00:00 2031
    SHA1 hash: 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4

        Issued to: Matrioshka Ltd.
        Issued by: Starfield Secure Certificate Authority - G2
        Expires:   Tue Sep 28 14:19:47 2021
        SHA1 hash: 5941FE2F9BC8FA31102EAB994F91AE2CEDC1FF34

The signature is timestamped: Thu Oct 01 19:02:04 2020
Timestamp Verified by:
Issued to: Starfield Root Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires:   Thu Dec 31 16:59:59 2037
SHA1 hash: B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E

    Issued to: Starfield Secure Certificate Authority - G2
    Issued by: Starfield Root Certificate Authority - G2
    Expires:   Sat May 03 00:00:00 2031
    SHA1 hash: 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4

        Issued to: Starfield Timestamp Authority - G2
        Issued by: Starfield Secure Certificate Authority - G2
        Expires:   Tue Sep 09 00:00:00 2025
        SHA1 hash: 7280A5FCD8DFE11F01FE8601B15EC41A376F05E2


Successfully verified: c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
    我怀疑我做的一切都是对的,但证书本身就是问题所在。我打电话给戈达迪,他们说他们这边没有问题。有什么想法吗