You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use the portable version on a windows laptop and it worked for all versions < 2.7.0
Since 2.7.0 I can't start xca anymore, because Microsoft Defender SmartScreen intercepts :(
After digging into it a little bit I found out that portable versions(xca.exe) <2.5.0 are signed, but till 2.5.0 the xca.exe has no signature.
The missing signature has negative influence on the score for Microsoft Defender SmartScreen and should be added again.
Hopefully this helps to get rid of the warnings in the future.
Reproduce Issue
Download portable versions(2.5.0-2.8.0)
Check if signature is available:
$ osslsigncode.exe verify xca-2.5.0.exe
Current PE checksum : 0068C4C5
Calculated PE checksum: 0068C4C4
Warning: invalid PE checksum
No signature found
Unable to extract existing signature
Failed
What is expected
The xca.exe for 2.4.0 is signed and a validation is possible.
Example doesn't include a real validation, so it is expected to fail at the end
$ osslsigncode.exe verify xca-2.4.0.exe
PE checksum : 0024B842
Signature Index: 0 (Primary Signature)
Message digest algorithm : SHA256
Current message digest : 590852131C3FCA75B186127982C92708AD7B2F9C108C2EE292AD1B76406126FF
Calculated message digest : 590852131C3FCA75B186127982C92708AD7B2F9C108C2EE292AD1B76406126FF
Signer's certificate: ------------------ Signer #0: Subject: /C=DE/ST=Nordrhein-Westfalen/L=Hille/O=Open Source Developer/CN=Open Source Developer, Christian Hohnstaedt/[email protected] Issuer : /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Code Signing CA SHA2 Serial : 04FF54FF7D5578046E4672CE42E11D3D Certificate expiration date: notBefore : Apr 30 04:42:59 2021 GMT notAfter : Apr 30 04:42:59 2022 GMTMessage digest algorithm: SHA256Authenticated attributes: Signing time: May 7 20:46:09 2021 GMT Microsoft Individual Code Signing purpose Message digest: DB22EDDA23B0BCEC54DAE9EC0270B3E6BD6C8AE25DE9282F0CD9B96CB0A74E20 URL description: https://hohnstaedt.de/xca Text description: XCA 2.4.0Countersignatures: Timestamp time: May 7 20:46:10 2021 GMT Signing time: May 7 20:46:10 2021 GMT Hash Algorithm: sha384 Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Time Stamping CA Serial: 8C77A0008FF4D1B0C63D9F3A48838D6BCAfile: (null)Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.Timestamp Server Signature verification: failedFailed to add store lookup fileSignature verification: failedNumber of verified signatures: 1Failed
Workaround
Ignore the Microsoft Defender warning and force execution of xca.exe.
It seems the warning disappears in the future, after forcing the execution once.
The text was updated successfully, but these errors were encountered:
Problem
I use the portable version on a windows laptop and it worked for all versions < 2.7.0
Since 2.7.0 I can't start xca anymore, because Microsoft Defender SmartScreen intercepts :(
After digging into it a little bit I found out that portable versions(xca.exe) <2.5.0 are signed, but till 2.5.0 the xca.exe has no signature.
The missing signature has negative influence on the score for Microsoft Defender SmartScreen and should be added again.
Hopefully this helps to get rid of the warnings in the future.
Reproduce Issue
$ osslsigncode.exe verify xca-2.5.0.exe Current PE checksum : 0068C4C5 Calculated PE checksum: 0068C4C4 Warning: invalid PE checksum No signature found Unable to extract existing signature Failed
What is expected
The xca.exe for 2.4.0 is signed and a validation is possible.
Example doesn't include a real validation, so it is expected to fail at the end
Workaround
Ignore the Microsoft Defender warning and force execution of xca.exe.
It seems the warning disappears in the future, after forcing the execution once.
The text was updated successfully, but these errors were encountered: