I have an application, which I sign and timestamp using a code-signing certificate issued by thawte, with intermediate authority Thawte code signing CA - G2.
The signature is OK (as it shows in file properties) and you can view the certification chain, so that is all okay.
On most PCs, the user just clicks on the .exe file and it runs, but on Windows 7 with default settings, the "Open File - Security Warning" pops up EVERY TIME. It shows that it is signed, that the publisher is our company, and the user can verify that. This is not what we want. We want the user to double-click the file and go. I added our certificate to the "trusted publishers" in certmgr, and then I added our certificate to the "trusted root certification authorities". I think I tried all combinations, that made sense to me. Still I am not getting the desired result.
I used Google a lot and I spent almost 2 days fiddling around with it, with no progress at all. How can I sign another file, send it to the computer, run it the same, convenient way as if it was developed and released by Microsoft or another big company?
I need a general solution for all OS of Windows family Vista and newer.
P.S. I do not want to unblock files, do registry hacks, or security level adjustments. I think I am missing something around where to install the certificates. If needed, please feel free to ask for code or settings, and I will gladly provide them.
