2021-03-21

Windows Self-Signed Certificates

The recent versions of RemarkPy, WinDiction, and WinTermNote are all signed with a self-signed digital certificate that should guarantee the integrity of the self-extracting installer and its content.

Here, at a glance, are the steps I followed.

1) From Windows PowerShell, I created a digital self-signed certificate:

   $cert = New-SelfSignedCertificate -Subject "Seve's BMC self-extracting executables" -Type CodeSigningCert -CertStoreLocation "Cert:\CurrentUser\my"

2) Then, I started the management console (mmc) from the search box, selected the Certificates snap-in, and copied the certificate from the Personal namespace to Trusted Root CA/Certificates.

3) From the Trusted Root CA, I exported the certificate with right-click, All Tasks, Export.

In the export wizard, I enabled the following options:

- Export the private key,

- Confirmed .pfx format,

- Set a password,

- Save to C:\

4) Finally, I signed (via Visual Studio Community 2019 - Desktop compiler workload) the installer from the Command Prompt with:

   "C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "c:\installers.pfx" /p password installer.exe

You can verify that you have downloaded the original installer by right-clicking the .exe file and selecting Properties, Digital Signatures, Details, View Certificate. The certificate should look as shown below.

Avoid running the installer if the certificate is missing.
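
The same check can be scripted. The following is an added example, not code from the original post: it rejects unsigned or modified files and compares the signer's thumbprint against a pinned value. The function name `Test-InstallerSignature` and the `<PUBLISHER-THUMBPRINT>` placeholder are assumptions, since the post does not publish the certificate's thumbprint.

```powershell
# Added example (not from the original post). Checks an installer's Authenticode
# signature and pins the signer certificate by thumbprint. Anyone can create a
# self-signed certificate with the same Subject, so the name alone proves nothing.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: thumbprint obtained from the publisher over a separate channel.
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $status = [string] $sig.Status

    # NotSigned: no signature present. HashMismatch: file altered after signing.
    if (($status -in ('NotSigned', 'HashMismatch')) -or ($null -eq $sig.SignerCertificate)) {
        Write-Warning "Rejected '$Path': signature status is $status."
        return $false
    }

    # Normalise the pinned value (it may have been copied with spaces or in lower case).
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($sig.SignerCertificate.Thumbprint -ne $expected) {
        Write-Warning "Rejected '$Path': signed by unexpected certificate $($sig.SignerCertificate.Thumbprint)."
        return $false
    }

    # Status is 'Valid' only when the certificate also chains to a root this
    # machine trusts; a self-signed certificate that was not imported will not.
    if ($status -ne 'Valid') {
        Write-Verbose "Thumbprint matches; local trust status: $($sig.StatusMessage)"
    }
    # The signing command on this page uses /tr, so a timestamp is expected.
    if ($null -eq $sig.TimeStamperCertificate) {
        Write-Warning "'$Path' has no timestamp countersignature."
    }
    return $true
}

# Usage: replace the placeholder with the real thumbprint before running.
# Test-InstallerSignature -Path .\installer.exe -ExpectedThumbprint '<PUBLISHER-THUMBPRINT>'
```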

Windows has found a good balance between security and usability. Since the .exe file came from a different machine, when you double-click on it, Windows Defender SmartScreen will open and warn you not to run the installer. Luckily, you can bypass SmartScreen as follows:

  • Right-click on the installer, select Properties, and then mark the Unblock checkbox beside This file came from another computer..., then Apply/OK.

Now you can complete the installation just with a double-click.