# Purpose

We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt.

# Obtaining a Code Signing Certificate

Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html
Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free)
The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf

# Signing a File

[Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16

Open a "Developer Command Prompt for VS".

![](developerprompt.png)

 ```
 # Sign a file with your certificate.
 SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p <Password> file.exe
```

![](signfile.png)

You should see something like this:

![](donesigning.png)

# Creating the Setup File

I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app.

## Server

First of all, you'll want to install Golang: https://golang.org/dl/
Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt:

```
go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo
```

This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use.

[Configuration options / usage.]

## Firewall Rule

go-powershell

```
import(
  "os"
  "fmt"
  "log"
)
func main() {
	dir, err := os.Getwd()
	if err != nil {
		log.Fatal(err)
	}
```
```
var dirs string = "New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe'"
```




You should see something like this:

![](addfirewallrule.png)

Manifest file:

```
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
            </requestedPrivileges>
        </security>
    </trustInfo>
</assembly>
```

## Put Server In Setup File

fileb0x