The question has already been asked and answered about how one can 'sign' a Windows executable; however, the answer requires the ongoing expense of a hosted certificate.
My company already has a VPS which we use for WWW, email and version control, so it seems to me that we could host our own certificate, albeit with rather less trustworthiness, but still sufficient for our clients.
We already host a PEM certificate which a consultant sysadmin set up for our email (IMAP4) hosting; can we use that and what would be the procedure for 'signing' the executable and hosting the certificate ? Presumably somewhere the URL of the hosted certificate would be embedded in what is attached ('signed') to the executable.
Here's a question on ServerFault that provides some good details on what specifically you can do with PEM (there's quite a bit more than I think would be prudent to copy/paste).
As far as self-signing, yes this is something you can do, although not trivially. In additional to the work setting it up there will be some ongoing maintenance that can be a real pain, especially if you don't know what you're doing very well. The problem is really two-fold:
Self-signing is generally not advised for production environments, especially with outside customers. There is too much to know and too many ways to screw it up.
If cost is an issue, you should check out Comodo's code signing certificate offerings . They are generally the best priced and quite reliable. They were hacked a copule years ago , but there was a lot the security field learned from that incident, and IMO it wasn't really Comodo's fault.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.