Forums

MSI Publisher Configurations
Unknown Publisher for MSI

LDM, User (Posts: 1)

Jan 29, 2016 12:36:47 pm EST

Just a heads-up/FYI:

[broken link removed]

Any code signed after Jan 1, 2016 signed with a SHA-1 hash will get these warnings in IE and possibly other browsers soon if not already. It needs to be signed with SHA-2.

Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust new code that is signed with a SHA-1 code signing certificate for Mark-of-the-Web   related scenarios (e.g. files containing a digital signature) and that has been time-stamped with a value greater than January 1, 2016. This cut-off date applies to the code-signing certificate itself.

This restriction will not apply to the time-stamp certificate used to time-stamp the code-signing certificate or the certificate’s signature hash (thumbprint) until January 1, 2017. After this time, Windows will treat any code with a SHA-1 time-stamp or SHA-1 signature hash (thumbprint) as if the code did not have a time-stamp signature.