rconn
Administrator
Staff member
With no warning and no public announcement, Microsoft changed code signing behavior effective January 1. Windows 7+ will no longer support SHA1 certificates, only SHA2.
There are some problems with this decision:
1) Very few entities actually sell SHA2 code signing certificates
2) Windows Vista and Server 2008 don't support SHA2 certificates
Microsoft's solution is to allow double-signing .EXE's, once with SHA1 and once with SHA2 so they will work with Vista, 2008, 7, 2012, 8.x, and 10.0. Unfortunately, they haven't actually provided the tools to do that yet, so software publishers are left with the option of either continuing to sign with SHA1 (and having users see the warnings about the installer being from an unknown and probably ISIS-affiliated publisher), or having multiple versions of installers to support different versions of Windows.
So over the next two or three weeks (until we get the reissued certificate & the updated Windows installer), you may see warnings when you download & install TCMD. Do not panic.