Adriano

Reputation: 1862

"signature is corrupt or invalid" downloading from IE

I got a Certum certificate to sign my C# application. Everything seems to be ok and I can execute the application and also see the valid certificate on it.

But if I upload it to my webpage (publishing with Visual Studio or also uploading the EXE), I can't download it with Internet Explorer on Windows 7. I always get this message: "Signature is corrupt or invalid". But once it is on the PC it seems to be valid. I know there was a bug in IE in the year 2013, but it should be solved.

On Windows 10, SmartScreen also blocks this exe and I can't download it. I paid for this certificate to show that my app is secure and now I have more problems than before :(

I don't know if I can insert the link to my application here.

Edit: I found this document from Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx - It seems that Microsoft with IE (but also Google with Chrome) no longer allows downloading SHA-1 signed applications since 1 January because it is not secure enough.

Upvotes: 5

Views: 1302

Answers (3)

Casper Andersen

Reputation: 174

Even though my code signing certificate had a SHA2 hash, I still got the invalid or corrupt signature error when downloading the file in IE / Edge.

Apparently it is also required that the code signing certificate is issued by a CA with a SHA2 hash.

After contacting Verisign / Symantec support, they directed me to the following guide for reissuing my certificate:

This changed my intermediary CA from "VeriSign Class 3 Code Signing 2010 CA" (SHA1) to "Symantec Class 3 SHA256 Code Signing CA" (SHA256), and now IE / Edge don't report any errors.

Upvotes: 0
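The answer above turns on the hash algorithm used to sign each certificate in the chain, not only the leaf. The PowerShell function below is an added example, not code from any of the posters; it lists the signature algorithm of every certificate in a signed file's chain so a SHA-1 intermediate stands out. The function name `Get-SignatureChainHash` and the sample path are assumptions.

```powershell
# Added example: report the signature hash algorithm of each certificate
# in the Authenticode chain of a signed file.
function Get-SignatureChainHash {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        throw "No Authenticode signer certificate in '$Path' (status: $($sig.Status))"
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation checks; only the algorithms are of interest here.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    # Build() returns $false for an untrusted chain but still fills ChainElements.
    # Intermediates are resolved from the local certificate stores or via AIA.
    $null = $chain.Build($sig.SignerCertificate)

    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate
        $alg  = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        [pscustomobject]@{
            Subject      = $cert.GetNameInfo('SimpleName', $false)
            Issuer       = $cert.GetNameInfo('SimpleName', $true)
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            SignatureAlg = $alg
            IsSha1       = ($alg -match '^sha1')
            NotAfter     = $cert.NotAfter
        }
    }
}

# Hypothetical path; replace with the signed file to inspect.
# Get-SignatureChainHash -Path 'C:\build\MyApp.exe' | Format-Table -AutoSize
```

A row with `IsSha1` true and `SelfSigned` false is the situation described in the answer: a leaf or intermediate certificate that was itself signed with SHA-1.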

Adriano

Reputation: 1862

OK, now I can say: THERE IS NO SOLUTION!

At least not for the moment (January 2016).

  1. All new certificates must have a SHA-2 hash on Windows 7/8 and Windows 10
  2. Certum doesn't have SHA-2 certificates for the OpenSource option. Since February, the OpenSource certificate from Certum also has a SHA-2 hash possibility!

So, if you want to create an application for Windows XP, you can use the Open Source Sign from Certum. If you want to sign your application for a new OS, you will only lose your money if you buy a Certum OpenSource certificate!

Upvotes: 3

Baz Sutton

Reputation: 11

I had to remove KB3124263 (had installed on the 14th for me) to return functionality :-(

Upvotes: 1
