阿轟師與他的快樂夥伴

Using signtool to sign an app and import the key to windows

Create a sel-certificate for app signing

Create a ssl-config file as below.

[req]
prompt = no
default_md = sha256
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_req

[dn]
C = TW
ST = Taiwan
L = Taipei
O = Test Inc.
OU = IT Department
emailAddress = test@test.com
CN = MyTestCert

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
IP.1 = 192.168.2.100

The CN is the name of the sel-certificate you want to create.

Using command below to create the self-certificate and private key.

openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf

Create pfx file.

openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx

Now you have three files:

• server.key (Private key)
• server.crt (Certificate File)
• server.pfx (pfx file)

Sign App by using self-certificate

Open PowerShell as admin and run this command:

signtool sign /fdws /f "PathToThePfxFileThatYouCreatedInPreviousStep" /p "ThePasswordThatYou'veSet" /tr "TimeStampServerUrl" /td certHash /fd SHA256 /as "PathToYourApp'sInstaller.exeFile"

For example:

signtool sign /fdws /f "D:\Home\Self Signed Certificates\server.pfx" /p "password" /tr "http://timestamp.sectigo.com" /td certHash /fd SHA256 /as "D:\My Projects\HelloWorld App\Output\HelloWorld-Setup.exe"

Import the key to windows

• Copy server.crt to your Windows system.
• Right-click the server.crt file and select Install Certificate.
• In the Certificate Import Wizard, select Local Machine and click Next.
• Choose Place all certificates in the following store and click Browse.
• Select Trusted Root Certification Authorities and click OK.
• Click Next and follow the prompts to complete the installation.

Reference

如何使用 OpenSSL 建立開發測試用途的自簽憑證 (Self-Signed Certificate)

How to make my WPF app to be on top of everything, even the Windows taskbar (like Windows clock app)?