A self signed certificate is worthless in itself. You need to buy a certificate from provider like Sectigo.

A self signed certificate is worthless in itself. You need to buy a certificate from provider like Sectigo.

I had some issues with the python signtool. so not sure

A self signed certificate is worthless in itself. You need to buy a certificate from provider like Sectigo.

You need to purchase a code signing certificate from a code signing authority like Sectigo.

@@AI_HDR For real?? Chris is showing you how to sign your exe with the certificate you purchased. Not how to get a certificate for free smh

Sigstore, which is under the Linux Foundation, can provide certs for free for open source projects. They have several partners which make this happen.

urn anti virus off cuz these DUMB anti viruses block 100% secure programs also calling them as virus

This still applies for physical tokens. Install your certificate in the keystore and then export it with the private key. Then you can sign your applications just as shown.

A self signed certificate is worthless in itself. You need to buy a certificate from provider like Sectigo.

Certificate authorities have to register with the operating system, and then they pass on the costs to you, plus their own fees. There are also different types of code signing certificates with different levels of trust. A signed binary helps Windows identify your application as safe and unadulterated. If someone were to alter your exe or dll with malicious intent or trying to impersonate your application with an altered version, it breaks the certificate and the binary is flagged by the operating system as un-trusted. In the end, your certificate not only gives your application a level of trust at the OS level, but it also makes the developer accountable. Getting a certificate is a process in which they must verify your identity or company as legitimate, which means if you create malicious software, it can be tied to you legally. Code signed with a certificate allows users to understand that when they open your application, it can be trusted. The high cost of investment ensures that you invest in your own trust and raises the investment cost to deter wrong doers. With that said, you should be able to find deals from reputable certificate authorities for around $100-200 if you do some searching. I hope this information helps. Thanks for watching and good luck!

@@Dimensionscape Thank you. I searched around everything I found was between $400 and $1700 dollars. I have no clue which one to look for. I'm working on a little game in c# this is my first project I'm soon to release and already my virus scanner stopped it.

@@Dimensionscape How to get a PFX file and not some USB Drive shipped? I need to sign a code. Not to buy some USD drive and wait for arrival gods knows when.

​@@Dimensionscape I developed a desktop app; intended to deploy it for free with open source code, to find myself ended up stumbled across a non-free certificate 🤣😥

Why my comment has been hidden?, I didn't see it anymore!

I apologize, the required standard changed shortly after this video was published! It's still possible to sign your application this way but you have to use a tool such as OpenSSL to convert your certificate to pk12/pfx. I will publish a new video on this soon!

@@Dimensionscape Ha! This is what I was after, wasn't working for me, but guess I need to convert to pk12. Thanks a bunch Chris!

@@Dimensionscape I'd recommend adding a popup to the start of your vid to save confusion though! Took me an hour before I cam across this comment :D

@@joshgilderdale99 Thank you for the recommendation! I will do that.

@@Dimensionscape Ok so weirdly enough, I managed to get it working with the .cer filetype. It still wasn’t working even when pfx. The issue was my usb token wasn’t plugged into the machine when I tried to run so the sign wizard didn’t show, lol…

I’m about to try this for drivers did it fork for you?

A code signing certificate can be purchased from a reliable Certificate Authority. You sign your binaries such as an exe before distributing it to your customers. Why is this important? Signing your binaries with a recognized certificate allows windows to identify your application and creates a layer of security for your users. Without being signed by a certificate, users that open an unsigned exe will receive an unknown publisher warning, which indicates that the file may be dangerous to open. Not only does signing your application prevent this, but it lets your users be assured that no one has tampered with the file since it was published by you.

@@Dimensionscape Does Microsoft give any guidance on which authorities are reliable? I'm trying to release an app and disappointed there are no official guides.

It's a self signed certificate I created for the purpose of demonstrating how to sign a binary using a gui tool. If you want to sign your exes, you need to buy a code signing certificate from a trusted certificate authority.

@@Dimensionscape from were i pay it ?

You have to buy one from a certificate authority.

The GUI just wraps the command line tool in a user friendly way. The signtool command is straightforward if you're already familiar with the command line. learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-sign-a-file

@@Dimensionscape I always think the command line is way better .

@@edwardmacnab354 Not everyone is comfortable with the command line as there are multiple GUI tools for development these days. If you are command line savy, you probably don't need a video tutorial to code sign your binaries.