Just some quick notes on signing Windows executables using a Mac. First, get Mono:
It boils down to something like this:
- Open your Thawte issued .SPC file in Windows using certmgr (just double click it).
- Expand the certificate view in the left pane and click on Certificates.
- The components of your SPC file will be displayed, normally consisting of your company certificate and then some signer root certificates.
- For each of the certificates, go to
Action / All Tasks / Export...and export the certificate as a DER .cer file.
- Bring the exported files to your Mac and join them with
cert2spc cert1.cer cert2.cer cert3.cer my_fixed_certificate.spc
- Use the newly generated SPC file to sign your code:
signcode -spc my_fixed_certificate.spc -v my_private_certificate_key.pvk -a sha1 -$ commercial -n MyProductName -i http://www.mycompany.com -t http://timestamp.verisign.com/scripts/timstamp.dll MyProgram.exe
- Verify by trying to run the executable in Windows.
A final note: don’t try to verify the signing using mono’s chktrust command. At least for me it always tells me the exe doesn’t have a signature.