Hi, thanks for writing back. I'm not a Windows developer, but I think what we need is something like the description at https://stackoverflow.com/questions/252226/signing-a-windows-exe-file. Use SignTool.exe (from the Windows SDK) to apply a certificate to the .exe, probably after using MakeCert.exe (also from the Windows SDK) to create that self-signed certificate.
-Morgan

-----Original Message-----
From: Mike Gabriel <[email protected]>
Sent: Wednesday, July 23, 2025 1:09 PM
To: Clark, Morgan <[email protected]>
Cc: [email protected]
Subject: [X2Go-Dev] Re: digitally signed x2go client installer package?

Hi Morgan,

On Mo 14 Jul 2025 15:58:02 CEST, Clark, Morgan wrote:

> Hi,
> This is a note I sent to the x2go-dev list before I managed to find
> and follow the steps to get myself added to the list. From some
> back-and-forth with the moderator, it appears that x2go already has
> a detached signature, but our IT department told me that doesn't
> work, they need the signature to be embedded in the installer. I
> gather that the expense of a trusted CA-issued certificate is out of
> your budget, but it sounded like our IT department would be ok with
> a self-signed certificate (not ideal but it sounded like that would
> satisfy the signing requirement). Would it be possible to issue the
> current Windows release in an internally signed format?
>
> ====================================================================
>
> Sometimes, like here, in the corporate world there are restrictions
> on what software is allowed to be used, and in Dell's case one
> restriction is that an installer package needs to be digitally
> signed to verify that the installer we use is in fact the genuine
> article. Unfortunately the MS Windows installer at
> http://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe
> does not appear to be digitally signed, so they won't let us use it.
>
> Would it be possible to create and publish a Windows installer that
> is digitally signed by the x2go organization? It's a very useful
> tool for our environment where most of our work is done on systems
> remote from our desktops, and is better performing and more capable
> than any alternative we've found, especially over WAN links.
>
> Thanks for considering our request,
>
> -Morgan

We can surely GPG-sign the installer but I am not sure if that is
helpful to you.

Of course, we have no current plans as a community to get the
X2GoClient_latest_mswin32_setup.exe signed by some official entity
such as Microsoft.

So, what kind of signing do you have in mind? Any docs that explain
the required process?

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://das-netzwerkteam.de/
