Are there any plans to use code signing on the Windows side?

[avineshwar]

The binaries (MSIs or EXEs) are not signed currently

[sudarshan-reddy]

Hey @avineshwar . This is something we’d like to do in the future. Do you want to try to take a shot at it? I can guide you.

[avineshwar]

Hey @avineshwar . This is something we’d like to do in the future. Do you want to try to take a shot at it? I can guide you.

Since I am looking forward to it, sooner rather than later, looking forward to providing any cooperation that can assist in this.

[sudarshan-reddy]

Awesome, can you have a look at https://github.com/cloudflare/cloudflared/blob/master/cloudflared.wxs?

You'll need the binary from https://github.com/sudarshan-reddy/msitools/releases to generate an msi from this wixl.

https://github.com/mtrojnar/osslsigncode is the POSIX version of signtool.exe that windows generally uses.

This should be enough to get started. Let me know if you have questions.

[hultqvist]

The approach that worked for me was to first build the msi and then sign it afterwards using signtool.exe sign ... "installer.msi" No need to look inside the msi build process.

To be sure I signed one of the msi from the release page and that solved the problem with the warnings in Windows.

What's left to do can only be managed from the inside by those responsible for managing the code certificate, not by external contributors.