Signing Code

[Lucky75]

Hi!

I'm attempting to get rid of that "Unknown Publisher" message that appears when you run unsigned code on windows, but I'm a bit confused.

What I have:

- a *.cert.pem file. Would this be the same as a spc?
- a *.key.pem file. Would this be the same as a *.key file?

I took them from my apache ssl directory since I already have a certificate for https. Am I able to use the same thing to sign code?

Code:

pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
makecert.exe -sv out.pvk -n "CN=MyCert" certfile.cer -b <startdate> -e <enddate>
pvk2pfx.exe -pvk out.pvk -spc certfile.cer -pfx PfxFile.pfx -po <password>

signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>

It still shows up as "Unknown Publisher" though, and I'm not even sure that I'm doing it correctly. Would anyone be able to help?

Thanks a lot!
Cheers.


Edit: Perhaps I want to do the following instead?

Code:

pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
openssl.exe crl2pkcs7 -nocrl -certfile my.cert.pem -outform DER -out my.spc

pvk2pfx.exe -pvk out.pvk -spc my.spc -pfx PfxFile.pfx -po <password>

signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>