locked
"Verified Publisher" Unknown or "Unknown Publisher" warning despite Signed Code RRS feed

  • Question

  • We sign our code using a Comodo Code Signing certificate.  Right clicking any of our .exe's and checking Digital Signature shows a SHA-256 Digest Algorithm and Comodo RSA Code Signing CA with a date validity range encompassing the current date.  The Certification path shows:

      Sectigo(Formerly COMODO SA)

         Comodo RSA Code Signing CA

             <OurCompany, Inc.>

    Why then does Windows always claim it does not know the Publisher?  We don't use "self-signed" certificates - we pay to keep a current CA Authority verified code-signing certificate and are careful to sign every exe we ship.

    Suggestions?  Please dont suggest we talk to Comodo - the Digital Signature is correct.  The certificate appears uniform with the Windows exes that are signed.

    Monday, March 2, 2020 3:30 PM

All replies

  • Hi,

    Thanks for posting here,

    According to the following document:

    List of Participants - Microsoft Trusted Root Program

    You could check if the Comodo RSA Code Signing CA is in the list:  https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT

    You could also try to install the certificate.

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, March 3, 2020 10:08 AM
  • Thank you for the reply, Drake.

    I suppose "CA" stands for "Certification Authority" "COMODO RSA Certification Authority" 

    Install the certificate?  It is installed on the machine I sign code with.  Are you suggesting it should be installed on my clients' machines? 

    I'm sorry - I do not understand.

    Tuesday, March 3, 2020 10:20 PM
  • Did you try Microsoft Signtool.exe, and specify the /ac option:
    Using SignTool to Sign a File

    And did you modify the exe file after code signed?

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, March 4, 2020 2:51 AM