No Longer the Unidentified Publisher

Every program is checked for a digital signature before it runs, and if there's no valid signature present, a security warning dialog (Screenshot2) appears. To me, that just looks a bit unprofessional. That's not what I want. I don't want to be the Unidentified Publisher. I don't want my customer to get the advice "Don't run the program unless you know where it's from or you've used it before". What I want is to assure the integrity and authorship of my app (Screenshot1). So I have to sign it.

To sign files you need two things: a program to perform the signing operation and a code-signing certificate from a trusted CA vendor such as Thawte, Verisign or others. On Windows platforms you can use a tool named Signtool.exe, which ships with the MS Platform SDK (VS2008 Team Edition includes the latest Platform SDK). To perform the signing operation, type the following command into the cmd shell:

Signtool sign /f codesigncertificate.pfx /p <certificatepassword> /t <url_to_timestamp_server> <all_your_files_to_sign_in_one_line>

 
That's it, but only if you want to sign your files manually.
Strong proponents of one-step automated builds (like us) can wrap it up in an MSBuild Exec task.

 

<Exec Command="signtool.exe sign /f $(codesigncertificate) /p $(certificatepassword) /t $(url_to_timestamp_server) @(files_to_sign, ' ')"/>
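
The Exec line above relies on properties and an item list that have to be defined somewhere. The following stand-alone project file is an added example, not part of the original post: the file name, the `bin\Release` paths, the `CODESIGN_PFX_PASSWORD` environment variable and the timestamp URL are assumptions or placeholders, and signtool.exe is assumed to be on the PATH. It also quotes each file path and verifies the signatures after signing.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- sign.proj (hypothetical file name). Run with: msbuild sign.proj /t:SignOutput -->
<Project DefaultTargets="SignOutput" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <PropertyGroup>
    <!-- Assumed certificate location; override with /p:codesigncertificate=path -->
    <codesigncertificate Condition="'$(codesigncertificate)' == ''">$(MSBuildProjectDirectory)\codesigncertificate.pfx</codesigncertificate>
    <!-- Placeholder URL: use the timestamp server address supplied by your CA. -->
    <url_to_timestamp_server Condition="'$(url_to_timestamp_server)' == ''">http://timestamp.example.invalid</url_to_timestamp_server>
    <!-- MSBuild exposes environment variables as properties.
         CODESIGN_PFX_PASSWORD is an assumed variable name, set on the build
         machine so the password is not stored in the project file. -->
    <certificatepassword Condition="'$(certificatepassword)' == ''">$(CODESIGN_PFX_PASSWORD)</certificatepassword>
  </PropertyGroup>

  <ItemGroup>
    <!-- Assumed output layout; list every binary that ships to customers. -->
    <files_to_sign Include="bin\Release\*.exe;bin\Release\*.dll" />
  </ItemGroup>

  <Target Name="SignOutput">
    <!-- Stop early with a readable message instead of a signtool failure. -->
    <Error Condition="!Exists('$(codesigncertificate)')"
           Text="Certificate file not found: $(codesigncertificate)" />
    <Error Condition="'$(certificatepassword)' == ''"
           Text="Set CODESIGN_PFX_PASSWORD or pass /p:certificatepassword=..." />
    <Error Condition="'@(files_to_sign)' == ''"
           Text="No files matched the files_to_sign item list." />

    <!-- Same command as in the post, with every path quoted so that
         directories containing spaces survive the command line.
         Note: Exec echoes the command, including the /p value, into the
         build log, so keep the logs of this target private. -->
    <Exec Command="signtool.exe sign /f &quot;$(codesigncertificate)&quot; /p &quot;$(certificatepassword)&quot; /t $(url_to_timestamp_server) @(files_to_sign -> '&quot;%(FullPath)&quot;', ' ')" />

    <!-- Fail the build if any file does not verify under the default
         Authenticode policy (/pa), so an unsigned binary never ships. -->
    <Exec Command="signtool.exe verify /pa @(files_to_sign -> '&quot;%(FullPath)&quot;', ' ')" />
  </Target>
</Project>
```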
 
Now you are no longer the Unidentified Publisher.
