mikrit

Can I include an intermediate certificate when signing an Add-In?

Discussion created by mikrit on May 20, 2013
Hello there.

I am trying to sign my Add-In by ESRISignAddIn.exe.

The problem is that our code-signing certificate is issued by an intermediate certificate, "Thawte Code Signing CA - G2". If this intermediate certificate is not installed on the target computer, then the ESRI ArcGIS Add-In Installation Utility does not check the checkbox for "Source is trusted". I can tell our costumers they must install the intermediate certificate, but that's cumbersome.

So I wonder, is it possible to include the intermediate certificate when signing the Add-In? If I had used signtool instead of ESRISignAddIn, I understand that it would have been possible to do so, for example by doing

signtool.exe sign /f myCertificate.pfx /ac thawte-intermediate-ca.cer /p myPassword /t http://timestamp.verisign.com/scripts/timstamp.dll myApplication.exe

Source: http://codingexpedition.wordpress.com/2011/04/21/thawte-code-signing-pfx/

Outcomes