I have developed a software application and digitally signed my installer with an Authenticode certificate obtained from Verisign (now Symantec). I signed the installer (.exe) using the signtool.exe utility that comes with Visual Studio. When I run the installer it now says my company name as the publisher instead of "unknown" which was my objective....success!
I then posted the installer file on my website for distribution to my customers. The file is served by an asp:button that executes the following code when clicked:
Response.ContentType = "application/octet-stream";
Response.AppendHeader("Content-Disposition", "attachment; filename=CP11Full_x86.exe");
Response.TransmitFile(Server.MapPath("~/Software/ContainmentPlanner/Files/CP11Full_x86.exe"));
HttpContext.Current.ApplicationInstance.CompleteRequest();
When I download the installer file from my website and run it the publisher field says "unknown"!!! I then copied the file directly from my web server to my computer using an FTP client and the downloaded file HAD THE SIGNATURE (i.e. did not show publisher: unknown), so apparently the file on the web server is fine. It must be something about the process of downloading the file via the website that strips or invalidates the digital signature. I tried both Firefox and IE and got the same result.
What am I doing wrong? Thanks in advance for your assistance.
