I use SetupBuilder for my installers and it has a built in way to sign the installer.
But Windows 10 is flagging our app after install. And the SB people say I need to sign the app itself before putting it into the installer.
I’m not sure where to start… what tool to use… is it from Microsoft? etc.
I already have the certificate.
That should be a Setup Builder question. Google “SetupBuilder code signing” and I bet you’ll get a few useful links on how to do it. Frankly, I’m surprised it’s not in the Setup Builder documentation.
Right - usually the steps are:
- Build your Windows application with Xojo
- CodeSign the built .exe
- Build an installer.exe
- CodeSign the installer
So both application and it’s installer are signed.
To sign an .exe, maybe click on the Forum-Channel: Targets -> Windows, then search for “CodeSign”. That has come up quite some times, such as here.
We use signtool, which is part of Visual Studio. Again described in this Forums.
And I think to remember that others are using Certificate from Comodo, and that they provide some own tool to codesign.
Once you have all this in place, it is still possible that you get some “Smart Screen warning”. That’s that odd “Establish reputation with SmartScreen® Filter” thing. They want you to buy a more expensive certificate. Or let you wait some time to get “reputation”. I’ve explained a bit about that here.
If you are going to try it with the “signtool”…:
I don’t know if this is still a valid way to get “signtool”:
[quote]Windows Software Development Kit (SDK): https://go.microsoft.com/fwlink/?linkid=821375
[x] Windows App Certification Kit
[x] Windows SDK Signing Tools for Desktop Apps[/quote]
If it is, then you have one of the tools. And use the link in the previous post to get an idea which commands you need in order to sign the .exe