ssl - 使用 GoDaddy 代码签名证书对 ClickOnce 进行签名
问题描述
我们从 GoDaddy 购买了代码签名证书,对我们的软件进行了签名,但是当我尝试安装该应用程序时 - 它仍然显示“未知发布者”,并且防病毒和防火墙正在阻止安装。到今天为止,我已经重新键入证书并完成了四次整个过程。我在整个过程中没有任何问题或错误,并成功使用 signtool 对 setup.exe 进行了签名。我做错了什么?
这是我的做法:
我使用我的 PC 生成的 CSR 重新键入 GoDaddy 颁发的证书,按照以下说明检查“使我的私钥可导出”:https ://www.ssltrust.com.au/help/setup-guides/code-signing-证书
我使用这个 GoDaddy CSR 测试工具测试我的 CSR:https ://ssltools.godaddy.com/views/csrDecoder - 一切正常
我向 GoDaddy 提交 CSR,重新输入我的证书并下载新的 .pem 和 .spc
我按照以下说明使用 MMC->certmgr 导入 .spc 文件并导出 .pfx:https ://ca.godaddy.com/help/windows-install-codedriver-signing-certificate-and-create-pfx-file-第2698章
在 Visual Studio 中,我按照以下说明发布未签名的应用程序: https ://docs.microsoft.com/en-us/visualstudio/deployment/how-to-sign-setup-files-with-signtool-exe-clickonce?view =vs-2019
我按照以下说明使用 signtool 签署 setup.exe:https ://ca.godaddy.com/help/signtool-sign-windows-code-with-a-code-signing-certificate-4778?locale=en
在 cmd 我运行:
C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool>signtool sign /f C:\Users\plvan\Desktop\cert\key.pfx /p MyStrongPwd /tr http://tsa.starfieldtech.com /td SHA256 c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
命令成功:
Done Adding Additional Store Successfully signed: c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
如果我运行“验证”
C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool>signtool verify /v /pa c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
结果是:
Verifying: c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 90941E5E4178D58CCAC2FA750C861F63440B90A7
Signing Certificate Chain:
Issued to: Starfield Root Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires: Thu Dec 31 16:59:59 2037
SHA1 hash: B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Issued to: Starfield Secure Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires: Sat May 03 00:00:00 2031
SHA1 hash: 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4
Issued to: Matrioshka Ltd.
Issued by: Starfield Secure Certificate Authority - G2
Expires: Tue Sep 28 14:19:47 2021
SHA1 hash: 5941FE2F9BC8FA31102EAB994F91AE2CEDC1FF34
The signature is timestamped: Thu Oct 01 19:02:04 2020
Timestamp Verified by:
Issued to: Starfield Root Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires: Thu Dec 31 16:59:59 2037
SHA1 hash: B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Issued to: Starfield Secure Certificate Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Expires: Sat May 03 00:00:00 2031
SHA1 hash: 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4
Issued to: Starfield Timestamp Authority - G2
Issued by: Starfield Secure Certificate Authority - G2
Expires: Tue Sep 09 00:00:00 2025
SHA1 hash: 7280A5FCD8DFE11F01FE8601B15EC41A376F05E2
Successfully verified: c:\Users\plvan\source\repos\IAD\DesktopApp1\publish\IAD1.3.0.0\setup.exe
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
我怀疑我做的一切都是正确的,但证书本身就是问题所在。我打电话给 GoDaddy,他们说他们这边没有问题。有任何想法吗?
解决方案
推荐阅读
- android - 如何使用 adb 在 Android 11 上触发 BroadcastReceiver?
- r - 在 map_df 函数中提取编码 UTF-8
- algorithm - 根据排名匹配球队中的球员
- python - 用于开发的 NetBox 插件安装
- google-sheets - googlesheets 上的月份函数
- firewall - 如何让 LittleSnitch 阻止传入和传出连接?
- c# - 为什么 UWP 不支持亚克力笔刷?
- wordpress - 让 Google 在搜索结果中显示本地化的 Wordpress 网站
- macos - Apache:无法访问虚拟主机子目录中的 css 文件
- vert.x - 如何使用 vertx-http-proxy 丰富 HTTP 请求标头