“signature is corrupt or invalid” downloading from IE

Question

I got a Certum certificate to sign my C# application. Everything seems to be ok and I can execute the application and also see the valid certificate on it.

But, if I

Answer 1

Even though my code signing certificate had a SHA2 hash, I still got the invalid or corrupt signature error when downloading the file in IE / Edge.

Apparently it is also required that the code signing certificate is issued by a CA with a SHA2 hash.

After contacting Verisign / Symantec support, they directed me to the following guide for reissuing my certificate:

• https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO21217

this changed my intermediary CA from "VeriSign Class 3 Code Signing 2010 CA" (SHA1) to "Symantec Class 3 SHA256 Code Signing CA" (SHA256), and now IE / Edge don't report any errors

Answer 2

I had to remove KB3124263 (had installed on the 14th for me) to return functionality :-(

Answer 3

OK, now I can say: THERE IS NO SOLUTION!

At least not for the moment (January 2016).

1. All new certificates must have a SHA-2 hash on Windows7/8 and Windows 10
2. Certum doesn't have SHA-2 certificates for the OpenSource option Since february also the OpenSource certificate from Certum has SHA-2 hash possibility!

So, if you want create an application for WindowsXP, you can use the Open Source Sign from Certum. If you want sign your application for a new OS, you will only loose your money if you buy a Certum OpenSource certificate!