## Overview The Windows multirunner executables, that are [available here](https://docs.gitlab.com/runner/install/windows.html) are not digitally signed. Because of that Windows does not trust them and can block them when downloaded by Internet Explorer or Edge. Windows executables downloaded from Internet should be always signed.  ## Proposal - Buy a certificate from a trusted CA such as https://www.digicert.com/code-signing/ which was suggested in https://gitlab.com/gitlab-org/gitlab-runner/issues/2483#note_31521028. At the moment GitLab.com seems to be using a certificate from `Sectigo` which they also offer a code signing product https://sectigo.com/signing-certificates/code-signing - Use [`SignTool`](https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool?redirectedfrom=MSDN) to sign the certificates *For development and testing we can use a tool such as [MakeCert](https://docs.microsoft.com/en-us/windows/win32/seccrypto/makecert) and [Cert2SPC](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cert2spc) for development and testing before buying the actual cert*