You can try using Microsoft's Sign Tool

你可以尝试使用微软的签名工具

You download it as part of the Windows SDK for Windows Server 2008 and .NET 3.5. Once downloaded you can use it from the command line like so:

您可以将其作为适用于 Windows Server 2008 和 .NET 3.5 的 Windows SDK 的一部分进行下载。下载后，您可以从命令行使用它，如下所示：

signtool sign /a MyFile.exe

signtool 签名/a MyFile.exe

This signs a single executable, using the "best certificate" available. (If you have no certificate, it will show a SignTool error message.)

这使用可用的“最佳证书”对单个可执行文件进行签名。（如果您没有证书，它将显示 SignTool 错误消息。）

Or you can try:

或者你可以试试：

signtool signwizard

符号工具符号向导

This will launch a wizard that will walk you through signing your application. (This option is not available after Windows SDK 7.0.)

这将启动一个向导，引导您完成对应用程序的签名。（此选项在 Windows SDK 7.0 之后不可用。）

If you'd like to get a hold of certificate that you can use to test your process of signing the executable you can use the .NET tool Makecert.

如果您想获得可用于测试签署可执行文件的过程的证书，您可以使用 .NET 工具Makecert。

Certificate Creation Tool (Makecert.exe)

证书创建工具 (Makecert.exe)

Once you've created your own certificate and have used it to sign your executable, you'll need to manually add it as a Trusted Root CA for your machine in order for UACto tell the user running it that it's from a trusted source. Important. Installing a certificate as ROOT CA will endanger your users privacy. Look what happened with DELL.You can find more information for accomplishing this both in code and through Windows in:

创建自己的证书并使用它来签署可执行文件后，您需要手动将其添加为计算机的受信任根 CA，以便UAC告诉运行它的用户它来自受信任的来源。重要的。将证书安装为 ROOT CA 会危及您的用户隐私。看看戴尔发生了什么。您可以在代码中和通过 Windows 找到有关完成此操作的更多信息：

• Stack Overflow question Install certificates in to the Windows Local user certificate store in C#

• Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

• 堆栈溢出问题将证书安装到 C# 中的 Windows 本地用户证书存储中

• 在 Windows Vista 中安装自签名证书作为受信任的根 CA

Hopefully that provides some more information for anyone attempting to do this!

希望这为任何尝试这样做的人提供更多信息！

I had the same scenario in my job and here are our findings

我在工作中遇到了同样的情况，这是我们的发现

The first thing you have to do is get the certificateand install it on your computer, you can either buy one from a Certificate Authorityor generate one using makecert.

您要做的第一件事是获取证书并将其安装在您的计算机上，您可以从证书颁发机构购买证书或使用makecert生成证书。

Here are the pros and cons of the 2 options

以下是 2 个选项的优缺点

Buy a certificate

购买证书

• Pros
  • Using a certificate issued by a CA(Certificate Authority) will ensure that Windows will not warn the end user about an application from an "unknown publisher" on any Computer using the certificate from the CA (OS normally comes with the root certificates from manny CA's)
• Cons:
  • There is a cost involved on getting a certificate from a CA

• 优点
  • 使用由 CA（证书颁发机构）颁发的证书将确保 Windows 不会警告最终用户使用来自 CA 的证书的任何计算机上来自“未知发布者”的应用程序（操作系统通常带有来自 manny CA 的根证书） )
• 缺点：
  • 从 CA 获取证书涉及成本

Generate a certificate using Makecert

使用 Makecert 生成证书

• Pros:
  • The steps are easy and you can share the certificate with the end users
• Cons:
  • End users will have to manually install the certificate on their machines and depending on your clients that might not be an option
  • Certificates generated with makecert are normally used for development and testing, not production

• 优点：
  • 步骤很简单，您可以与最终用户共享证书
• 缺点：
  • 最终用户必须在他们的机器上手动安装证书，这取决于您的客户端，这可能不是一个选项
  • 使用 makecert 生成的证书通常用于开发和测试，而不是生产

Sign the executable file

签署可执行文件

There are two ways of signing the file you want:

有两种方法可以签署您想要的文件：

• Using a certificate installed on the computer

  signtool.exe sign /a /s MY /sha1 sha1_thumbprint_value /t http://timestamp.verisign.com/scripts/timstamp.dll/v "C:\filename.dll"

  • In this example we are using a certificate stored on the Personal folder with a SHA1 thumbprint (This thumbprint comes from the certificate) to sign the file located at "C:\filename.dll"

• Using a certificate file

  signtool sign /tr http://timestamp.digicert.com/td sha256 /fd sha256 /f "c:\path\to\mycert.pfx" /p pfxpassword "c:\path\to\file.exe"

  • In this example we are using the certificate "c:\path\to\mycert.pfx" with the password pfxpassword to sign the file "c:\path\to\file.exe"

• 使用安装在计算机上的证书

  signtool.exe 签名 /a /s MY /sha1 sha1_thumbprint_value /t http://timestamp.verisign.com/scripts/timstamp.dll/v "C:\filename.dll"

  • 在此示例中，我们使用存储在 Personal 文件夹中的证书和 SHA1 指纹（此指纹来自证书）对位于“C:\filename.dll”的文件进行签名

• 使用证书文件

  signtool 签名 /tr http://timestamp.digicert.com/td sha256 /fd sha256 /f "c:\path\to\mycert.pfx" /p pfxpassword "c:\path\to\file.exe"

  • 在此示例中，我们使用证书“c:\path\to\mycert.pfx”和密码 pfxpassword 对文件“c:\path\to\file.exe”进行签名

Test Your Signature

测试您的签名

Method 1: Using signtool

方法一：使用signtool

Go to: Start > Run Type CMD > click OK At the command prompt, enter the directory where signtool exists Run the following:

进入：开始>运行输入CMD>点击确定在命令提示符下输入signtool所在目录运行如下：

signtool.exe verify /pa /v "C:\filename.dll"

signtool.exe 验证 /pa /v "C:\filename.dll"

Method 2: Using Windows

方法 2：使用 Windows

Right-click the signed file Select Properties Select the Digital Signatures tab. The signature will be displayed in the Signature list section.

右键单击签名文件 选择属性 选择数字签名选项卡。签名将显示在签名列表部分。

I hope this could help you

我希望这可以帮助你

Sources:

资料来源：

• https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85)

• https://www.digicert.com/code-signing/signcode-signtool-command-line.htm

• https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO15544&actp=search&viewlocale=en_US

• https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

• https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85)

• https://www.digicert.com/code-signing/signcode-signtool-command-line.htm

• https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO15544&actp=search&viewlocale=en_US

• https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

You can get a freecheap code signing certificate from Certumif you're doing open source development.

如果您正在进行开源开发，您可以从 Certum获得免费的廉价代码签名证书。

I've been using their certificate for over a year, and it does get rid of the unknown publisher message from Windows.

我已经使用他们的证书一年多了，它确实摆脱了来自 Windows 的未知发布者消息。

As far as signing code I use signtool.exefrom a script like this:

至于签名代码，我从这样的脚本中使用signtool.exe：

signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f "MyCert.pfx" /p MyPassword /d SignedFile.exe SignedFile.exe

The ASP's magazine ASPects has a detailed description on how to sign code (You have to be a member to read the article). You can download it through http://www.asp-shareware.org/

ASP 的杂志 ASPects 有关于如何签署代码的详细说明（您必须成为会员才能阅读该文章）。您可以通过http://www.asp-shareware.org/下载

Here's link to a description how you can make your own test certificate.

这是指向如何制作自己的测试证书的说明的链接。

Thismight also be interesting.

这也可能很有趣。

Another option, if you need to sign the executable on a Linux box is to use signcodefrom the Mono project tools. It is supported on Ubuntu.

另一种选择，如果你需要签署的可执行文件在Linux中是使用signcode从Mono项目的工具。它在 Ubuntu上受支持。

Reference https://steward-fu.github.io/website/driver/wdm/self_sign.htmNote: signtool.exe from Microsoft SDK

参考https://steward-fu.github.io/website/driver/wdm/self_sign.htm注：微软 SDK 中的 signtool.exe

1.First time (to make private cert)

1.第一次（制作私人证书）

Makecert -r -pe -ss YourName YourName.cer

Makecert -r -pe -ss YourName YourName.cer

certmgr.exe -add YourName.cer -s -r localMachine root

certmgr.exe -add YourName.cer -s -r localMachine root

2.After (to add your sign to your app)

2.After（将您的标志添加到您的应用程序）

signtool sign /s YourName YourApp.exe

signtool sign /s YourName YourApp.exe

Use following link to sign .exe (setup/ installer)file (sign exe/setup file without using Microsoft setup signtool)

使用以下链接签署 .exe（安装程序/安装程序）文件（在不使用 Microsoft 安装程序签名工具的情况下签署 exe/安装程序文件）

https://ebourg.github.io/jsign/#files

https://ebourg.github.io/jsign/#files

sample command java -jar jsign-2.0.jar --keystore keystore.jks" --alias alias --storepass password MyInstaller.exe

示例命令 java -jar jsign-2.0.jar --keystore keystore.jks" --alias alias --storepass password MyInstaller.exe

Worked for me :)

对我来说有效:)

And yet another option, if you're developing on Windows 10 but don't have Microsoft's signtool.exe installed, you can use Bash on Ubuntu on Windows to sign your app. Here is a run down:

还有一个选择，如果您在 Windows 10 上开发但没有安装 Microsoft 的 signtool.exe，您可以在 Windows 上的 Ubuntu 上使用 Bash 来签署您的应用程序。这是一个运行：

https://blog.synapp.nz/2017/06/16/code-signing-a-windows-application-on-linux-on-windows/

https://blog.synapp.nz/2017/06/16/code-signing-a-windows-application-on-linux-on-windows/

This is not a direct answer to the question, but it is closely related (and useful I hope) since sooner or later a programmer will have put his hand into the wallet:

这不是对问题的直接回答，但它是密切相关的（我希望也是有用的），因为迟早会有程序员把手伸进钱包：

So, prices for EV signature:

因此，EV 签名的价格：

1 Year $350 + ($50 hidden fee)
2 Year $600
3 Year $750
[www.ksoftware.net][3]
eToken sent as USB stick. No reader needed.
You actually purchase from Comodo (Sectigo)

1 年 $350 +（$50 隐藏费用）
2 年 $600
3 年 $750
[www.ksoftware.net][3]
eToken 作为 U 盘发送。不需要读者。
您实际上是从 Comodo (Sectigo) 购买的

1 Year 350 euro
3 Year 799 euro
sklep.certum.pl

1 年 350 欧元
3 年 799 欧元
sklep.certum.pl

1 Year $499 USD
3 Year $897 USD
sectigo.com

1 年 499 美元
3 年 897 美元
sectigo.com

1 Year $410 total
2 Years $760 total
3 Years $950 total
www.globalsign.com

1 年总计 410 美元
2 年总计 760
美元 3 年总计 950 美元
www.globalsign.com

1 Year: $600 (it was $104)
3 Year: ?
www.digicert.com

1 年：600 美元（原价 104 美元）
3 年：？
www.digicert.com

1 Year: $700
3 Years: ridiculous expensive
[https://trustcenter.websecurity.symantec.com/]

1 年：700 美元
3 年：贵得离谱
[ https://trustcenter.websecurity.symantec.com/]

More prices here:
https://cheapsslsecurity.com/sslproducts/codesigningcertificate.html

更多价格在这里：https:
//cheapsslsecurity.com/sslproducts/codesigningcertificate.html

Also see link added by Erick Castrillo: cheapsslsecurity.com/sslproducts/codesigningcertificate.html

另请参阅 Erick Castrillo 添加的链接：cheapsslsecurity.com/sslproducts/codesigningcertificate.html