Create and Add a Free Certificate for Your Application

Helpful script writing tricks and HowTo's
User avatar
hasantr
Posts: 592
Joined: 05 Apr 2016, 14:18
Location: İstanbul

Create and Add a Free Certificate for Your Application

19 Apr 2020, 11:08

It is useful to create certificates to gain the trust of antiviruses and prove that the software is yours. When they whitelist your certificate, you now receive fewer false positives. It may also be useful for some Antiviruses that think of Autohotkey applications as viruses.

In order to perform these operations, you must have an operating system of Windows 8.1 and above.

Creating the Certificate:

Open the PowerShell window and edit the following codes according to your own order: (PowerShell can be found by searching in the Start Menu)

Enter Your Website Name:

Code: Select all

$cert = New-SelfSignedCertificate -DnsName www.yourwebsitename.com -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
Enter the password for the certificate in the required field:

Code: Select all

$CertPassword = ConvertTo-SecureString -String "Your_Password" -Force –AsPlainText
Enter this command to export the certificate in Pfx format:

Code: Select all

Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($cert.Thumbprint)" -FilePath "D:\Certs\Your_Cert_Name.pfx" -Password $CertPassword
The result is as follows. A certificate has been created on path "D: \ Certs".
PowerShell.png
PowerShell.png (73.51 KiB) Viewed 1596 times


Add Certificate to Application:


Let's download and run the DigiCert App, a free app.
https://www.digicert.com/util/

The certificate will be displayed on the CodeSigning Tab. (If there is a different situation, add the certificate by using the "import" button on the right.)

Add the certificate by following the steps in the image in order.
DigiCert.png
DigiCert.png (73.5 KiB) Viewed 1596 times

Conclusion:


Now you can right click on the certified application, open its properties and check the certificate.
EndCert.PNG
EndCert.PNG (37.16 KiB) Viewed 1596 times
Resources: (In Turkish Language)
[spoiler3]https://www.sordum.net/52936/bir-yazilima-kod-sertifikasi-nasil-eklenir/
https://www.sordum.net/52825/kod-imzalama-sertifikanizi-kendiniz-olusturun/[/spoiler3]
burque505
Posts: 1371
Joined: 22 Jan 2017, 19:37

Re: Create and Add a Free Certificate for Your Application

19 Apr 2020, 11:18

@hasantr, very nice and extremely useful, thank you!
User avatar
Tigerlily
Posts: 353
Joined: 04 Oct 2018, 22:31

Re: Create and Add a Free Certificate for Your Application

30 Aug 2020, 13:28

@hasantr

Very interesting. I tried to download your Bright Temp x86.exe and my AV actually flagged it on Chrome and won't let me download it. I wonder if its since you digitally signed it in this way?

Pic:
Image

Normally, when I download an AHK exe from this site or GitHub that is not digitally signed in this way, I have no issues.

I was thinking it would be really cool if you made this certification process into an AHK GUI that anyone can use on any script.

Cheers.
-TL
SOTE
Posts: 1079
Joined: 15 Jun 2015, 06:21

Re: Create and Add a Free Certificate for Your Application

06 Sep 2020, 00:56

This was talked about a little bit on the Report False-Positives To Anti-Virus Companies thread. Digital signatures don't mean that Anti-Virus companies won't flag an executable as malware. Despite Windows Defender/SmartScreen, users can report your application (in numerous ways to numerous companies) as suspicious or malware, in addition to reporting your website. What digital signatures help with is user trust, SmartScreen, and UAC. With SmartScreen, it will show your information and the user can feel more comfortable about saying yes and allowing your program to run. That you have a digital signature and detailed information filled out, makes the program, author, and/or website it comes from look more professional. This in turns helps establish a reputation of trust with users and Microsoft, and after a bunch of installs and time, Microsoft will be less likely to launch the pop-up when new users attempt to install your application. Though this reputation is only for the present version of the application, not updates or newer versions.

With most Anti-Virus companies, they can be less likely to flag the program as malware, because it does have details like product name, product version, and a digital signature. But that's only a good start, out of multiple more checks to come. They will check for certain signatures, packers, behavior, attempting internet access, attempting to write to the registry, etc... For instance, Bright Temp x86 writes to the registry, thus will come under higher scrutiny.

Also, when it comes to digital signatures, there is more business shenanigans that is played. There is EV code signing certificates. These help establish your reputation with SmartScreen right away, for a nice sized yearly fee of course, with partners of Microsoft. And not just with Microsoft, but also with Google Safe Browsing (used also by Firefox, in addition to Chrome). You don't have to get the EV code signing certificate, but then you will have to wait an unknown period of time (see what they did there) to establish a positive reputation with Microsoft.
User avatar
hasantr
Posts: 592
Joined: 05 Apr 2016, 14:18
Location: İstanbul

create and Add a Free Certificate for Your Application

24 Sep 2020, 19:30

Tigerlily wrote:
30 Aug 2020, 13:28
@hasantr

Very interesting. I tried to download your Bright Temp x86.exe and my AV actually flagged it on Chrome and won't let me download it. I wonder if its since you digitally signed it in this way?

Pic:
Image

Normally, when I download an AHK exe from this site or GitHub that is not digitally signed in this way, I have no issues.

I was thinking it would be really cool if you made this certification process into an AHK GUI that anyone can use on any script.

Cheers.
The certificate may have expired.

Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 4 guests