# Purpose We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt. # Obtaining a Code Signing Certificate Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free) The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf # Signing a File [Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16 Open a "Developer Command Prompt for VS". ![](developerprompt.png) ``` # Sign a file with your certificate. SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p file.exe ``` ![](signfile.png) You should see something like this: ![](donesigning.png) # Creating the Setup File I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app. ## Server First of all, you'll want to install Golang: https://golang.org/dl/ Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt: ``` go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo ``` This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use. [Configuration options / usage.] ## Firewall Rule go-powershell ``` import( "os" "fmt" "log" ) func main() { dir, err := os.Getwd() if err != nil { log.Fatal(err) } ``` ``` var dirs string = "New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe'" ``` You should see something like this: ![](addfirewallrule.png) Manifest file: ``` ``` ## Put Server In Setup File fileb0x