Hello, we are in the development/testing phase of a PB2019R3 app that we want to deploy with Powerclient. We've run into our first case of a test user not being able to launch our app because of the antivirus software BitDefender on their laptop. I was hoping that signing our application will ease this issue that BitDefender has with our .exe. However, I'm having trouble getting Powerclient to sign the app.
I have installed MS's signtool.exe and read about its syntax. I have created a self-signed certificate using the Powershell commandlet New-SelfSignedCertificate. I exported that certificate as a pfx file (with a pw). I filled out the 'Signing' page of the Powerclient project with the location of signtool.exe, location of the pfx file, the pw, the algorithm SHA256, and left the URL of the timestamp server as digicert's URL. I then tried to build and deploy the Powerclient project, but it fails at the end with "Failed to sign the application...". I tried again with blanking out the URL of the timestamp server, because this is a self-signed certificate. It didn't like that ... "The application signature information is incorrectly configured".
1) Can a self-signed certificate be used for testing a Powerclient deployment?
2) Can you use a certificate that isn't timestamp verified?
3) Is there a way to get more information about why the application is failing to get signed?
4) I don't know much about certificates, but some can't be exported as pfx files (at least with the certmgr.msc app). Can only .pfx certificate files be used for Powerclient signing?
5) this link, Create a certificate for package signing - MSIX | Microsoft Docs, discusses how the 'subject' of a self-signed certificate needs to match the 'publisher' in your apps manifest file. I have never used manifest files for my apps. Could this be what is causing the problem. I just matched the 'subject' to 'company name' on the Powerclient 'General' page.
6) We will be be requesting a certificate for a new company name in the near future, and we have used digicert for our main company. Do I need to request anything special to have a certificate that can be exported to a .pfx file?
For now, I'll also be looking for documentation on how to let BitDefender Endpoint Security Tools trust an application, but from a short Teams meeting with this user, we didn't see a way to create or exclude our application from its scans. Their machines may be tightly managed and we may have to request their IT dept to add an exclusion rule.
Regards and TIA, Glenn S.