Configuring
To begin signing program objects, the code-signing certificate you created must be selected as the signing tool.
Prerequisites: The code-signing certificate exists.
- In
The Code Signing Options property sheet opens.
- From the
Signing Certdrop-down list, select your code-signing certificate.The drop-down menu lists only certificates whose key usage is designated asCode Signing. If there is only one code-signing certificate in your User Key Store, this will be the only option. - If desired, set the
Tsa Url(Timestamp authority) to a valid timestamp authority.This property defaults to theURL. Time stamping a program object signature establishes trust even after a code-signing certificate expires. If your program object signatures are not time-stamped, they cannot be validated past the expiration date of the code-signing certificate.NOTE: In framework versions 4.2 and 4.3,Tsa Urldefaults to the now unavailable Geotrust TSA. In version 4.4, support was added for SHA-256 timestamps and the default was updated to the URL. If you are using versions 4.2 or 4.3, the recommended setting forTsa Urlis:http://timestamp.digicert.comIf you leave the default TSA in 4.2 and 4.3 set to Geotrust TSA, code signing will not work and you will run into errors due to the Geotrust TSA going off line. - To complete the configuration, click OK.
While this configuration procedure works if your code-signing certificate is self-signed or signed by a trusted intermediate
or root CA certificate, using the latter is preferred. In fact, without revisiting this configuration procedure, you could
set up a self-signed code-signing certificate, and sign it later. However, if you do this, you must re-sign any code that
you signed prior to getting your code-signing certificate signed.