I have coded an NWjs Windows application (Chromium application) and using Inno Setup, I have signed it using a self-signed certificate. However, I get the "Windows protected your PC" message when trying to install it from the web. I wonder now if signing my application with this self-signed certificate is useless because I get the same result when I don't sign the application and package it as it is.
When I click "more info" it states that the publisher is unknown in both cases when I sign the application with a self-signed certificate and without a self-signed certificate.
I wonder if, after some time, the data (like the CN of the subject) of the certificate helps to get some reputation when the application is distributed on the internet. I wonder if a self-signed certificate helps to get rid of the "Windows protected your PC" message after some time.
Self-signed certificates are useful only if you can make them trusted on the target machine, by manually adding them to the Windows certificate store.
If you want your application to be installed on machines that you do not control, self-signed certificates are useless.
I wonder if a self-signed certificate helps to get rid of the "Windows protected your PC" message after some time.
No. Since everyone can generate a certificate himself, Windows cannot trust all of them and therefore cannot remove the message.
However, it can still be a good idea to sign an executable with your own certificate, if you publish the public key and provide it for people to check whether or not the executable was indeed provided by you. It will be useful for people with some IT or security knowledge.
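One way a recipient could perform the check described in the answer above, as an added example that is not part of the original answers. It assumes the author publishes the SHA-256 fingerprint of the signing certificate over a separate trusted channel; the function name `Test-PublisherFingerprint` and the installer file name are hypothetical.

```powershell
# Added example. Function name, file name and fingerprint are placeholders.
function Test-PublisherFingerprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 fingerprint of the signing certificate, as published by the author
        [Parameter(Mandatory)][string]$ExpectedSha256
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # NotSigned: the file carries no signature.
    # HashMismatch: the file content no longer matches what was signed.
    if ([string]$sig.Status -in 'NotSigned', 'HashMismatch' -or -not $sig.SignerCertificate) {
        Write-Warning "Rejected ($($sig.Status)): $($sig.StatusMessage)"
        return $false
    }

    # A self-signed certificate that is absent from the local trust store is
    # not reported as 'Valid', so the decision rests on the fingerprint match,
    # not on the Status value.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha256.ComputeHash($sig.SignerCertificate.RawData)
    } finally {
        $sha256.Dispose()
    }
    $actual = [BitConverter]::ToString($digest) -replace '-', ''

    # Accept fingerprints written with colons, spaces or in lower case.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    if ($actual -ne $expected) {
        Write-Warning "Signer certificate fingerprint is $actual, expected $expected"
        return $false
    }
    return $true
}

# Constructed usage (placeholders, not real values):
# Test-PublisherFingerprint -Path .\MyAppSetup.exe -ExpectedSha256 '<published SHA-256 fingerprint>'
```

The check is only as strong as the channel the fingerprint was obtained from: a fingerprint served from the same place as the installer can be swapped along with it.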
Source: https://stackoverflow.com/questions/54303513/is-it-useless-to-sign-my-windows-application-with-a-self-signed-certificate