Code sign Windows executables
Overview
The Windows multirunner executables, that are available here are not digitally signed. Because of that Windows does not trust them and can block them when downloaded by Internet Explorer or Edge.
Windows executables downloaded from Internet should be always signed.
Proposal
- Buy a certificate from a trusted CA such as https://www.digicert.com/code-signing/ which was suggested in #2483 (comment 31521028). At the moment GitLab.com seems to be using a certificate from
Sectigo
which they also offer a code signing product https://sectigo.com/signing-certificates/code-signing - Use
SignTool
to sign the certificates
For development and testing we can use a tool such as MakeCert and Cert2SPC for development and testing before buying the actual cert
Edited by Darren Eastman