Home/ Questions/Q 7620663
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T03:59:26+00:00

Currently I generate an installer for a program using NSIS on a Linux machine.

  • 0

Currently I generate an installer for a program using NSIS on a Linux machine. The NSIS binaries have been compiled for Ubuntu, and using the .nsi script presents no difficulties. However, the resulting setup.exe file is unsigned. This results in scary warnings for our users who download the installer via most common web browsers, as well as warnings from Windows itself when run.

We’d like to avoid these warnings, and unless I’m missing something, that requires using a Windows tool to sign the generated setup.exe file. Is there a way to do this on a non-Windows machine?

Unfortunately, each installer is unique (different files are bundled depending on the customer’s request, and a unique ID included) so I cannot sign the installer on a Windows machine and then upload it.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I had to do it a few weeks ago, without using wine. What I did was to import the pfx file to windows and then exported it with “Include all certificates in the certificate path if possible” option. then I followed the instruction on this page .

    After you have all the certs (spc and pvk files) you should use the following command:

    signcode -spc [spc file] -v [pvk file] -a sha1 -$ commercial -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 [exe file to sign]

    I had to install mono-dev pack: 

    sudo apt-get install mono-devel
    • 0