I am new to code signing. My goal is to be able to sign a setup.exe generated by Visual Studio and install it on my Windows 7 PC and my friends' Windows PCs without triggering unverified publisher or other warnings. The following approach did not work. What other steps do I need to take to achieve this?
On Windows 7, I followed the Original Answer at How do I create a self-signed certificate for code signing on Windows? by completing following steps. - created & imported CA - created SPC & converted to PFX - used first signtool command to sign a setup.exe generated by Visual Studio 2015.
The Digital Signatures General tab now says the "The digital signature is OK". But running the setup.exe on my Windows 7 PC triggers an Application Install Security Warning which says "The publisher cannot be verified. Are you sure you want to install this application?".
