I got a Code Signing certificate from comodo to sign my installers on Windows and avoid producing the Authenticode’s warning for Unknown Publisher.
I’ve implemented the signing in my build (it’s a double-signing to get the broadest support of Windows versions, executed with signtool v6.3 as per described here).
The issue I am having is that on Windows 7 and Vista (and maybe other places as well), when I first open the installer - it sometimes says Unknown Publisher. If I go in the properties of the file and inspect the certificate (it always says “certificate is OK”), then consecutive run of the installer shows the identified publisher.
In this thread and this thread, people say that signtool’s
/ac option should be used (passing the AddTrustExternalCARoot.crt file path), but almost all of them say it should be required only for driver signing.
Have you dealt with this and how do you resolve it? Having the installer say Unknown Publisher in half of the runs, kind of beats the purpose of this certificate.
Have an amazing New Year’s party, tonight! Cheers!