Fernandes
Posts: 7
Joined: Sun Dec 21, 2014 10:24 pm

Code Signing Certificate

Thu May 14, 2015 2:09 pm

Hello,

I'm new to code signing an installer.

I came across comodo-codesigning-ssl
https://www.gogetssl.com/comodo-ssl-cer ... gning-ssl/
Will a certificate obtained from the above issuer work with advanced installer (i.e signing an installer I'm creating).

I also came across startssl (https://www.startssl.com/?app=39) . However, I read that the certificate provided by startssl expires even if we add a time stamp to them.
Will a certificate from startssl work with advanced installer?
If a certificate expires, then will the installed application still work on the system or will it stop working and give error?

thanks in advance

Dan
Posts: 4484
Joined: Wed Apr 24, 2013 3:51 pm

Re: Code Signing Certificate

Fri May 15, 2015 5:09 am

Hello Fernandes,

A digital signature is used to help authenticate the identity of the creator of digital information. Digital signatures are based on digital certificates. Digital certificates are verifiers of identity issued by a trusted third party, which is known as a certification authority (CA). It doesn't matter from which you get the certificate as long as it is a valid one.
Digital signatures help establish the following authentication measures:
  • Authenticity
  • Integrity
  • Non-repudiation
The Digital Signature feature from Advanced Installer allows you digitally sign your installation package. By digitally signing your installers and products in Advanced Installer, you will increase your user's confidence in you and your company, giving them peace of mind about your software.

Please take a look on the Digital Signature article which may be useful to you.
If a certificate expires, then will the installed application still work on the system or will it stop working and give error?
Most likely, after the certificate expires you will get the Unknown Publisher message on Windows Vista or above, during installation.

If you have other questions, please let us know.

Best regards,
Dan
Dan Ghiorghita - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

dms
Posts: 164
Joined: Tue Aug 28, 2007 7:11 am
Location: UK

Re: Code Signing Certificate

Fri May 15, 2015 7:00 am

Most likely, after the certificate expires you will get the Unknown Publisher message on Windows Vista or above, during installation.
As I understand it not if you use the timestamp feature as well. So long as you build the installer whilst your certificate is still valid and add the correct timestamp url then even if someone installs your software via that installer it will still show up as being from a trusted source because at the 'time' that it was built the certificate was valid.

Dom

Return to “Building Installers”