购买正式证书,如Global Sign,他们会提供签名工具
自签名证书,可使用微软的签名工具
https://docs.microsoft.com/zh-cn/dotnet/framework/tools/signtool-exe
1、安装vs2019,并打开developer powershell for vs 2019
2、执行如下命令
D:\signtoodemo>Makecert -sv test.pvk -r -n "CN=TCT" test.cer
Succeeded
D:\signtoodemo>Cert2spc test.cer test.spc
Succeeded
D:\signtoodemo>pvk2pfx -pvk test.pvk -spc test.spc -pfx test.pfx -f
D:\signtoodemo>signtool sign /fd SHA256 /f test.pfx demo.exe
Done Adding Additional Store
Successfully signed: demo.exe
D:\signtoodemo> signtool sign /f test.pfx /t http://timestamp.digicert.com /fd SHA256 demo.exe
Done Adding Additional Store
Successfully signed: demo.exe
D:\signtoodemo>signtool verify /pa /v demo.exe
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
上述错误,需要双击test.cer文件,在弹出的证书对话框中选择“安装证书”,选择将证书存储在“受信任的根证书颁发机构”存储区