We're trying to sign an installer exe, but we keep getting "Unknown Publisher" errors on the machines that download them.
Here's our steps:
- Build the code and create an installer
- Sign the installer (with a trusted certificate)
- Upload the installer
- Download the installer onto a different machine.
- Double click the installer.
- The Vista warning says it's an "unknown publisher"
Here's the kicker though. If I right-click on the file and go to Properties>Digital Signatures, I can see our digital signature there. Then, once I click Details for that digital signature, then close all the properties windows and double-click the exe again, I will no longer get the "Unknown Publisher" error on that machine, but instead it shows the correct publisher and the problem is fixed. It's like clicking on Details somehow installs that signature somewhere on the machine (the certificate store maybe, but I can't find it in the certificate store).
Anyway, any ideas as to why it shows "Unknown Publisher" at first but then fixes itself?
I am taking a long shot here because I don't know anything about codesigning, but maybe your trusted Certificate is from an intermediate CA and you have to somehow include the whole certificate chain.