Hi, thanks for writing back. I'm not a Windows developer, but I think what we need is something like the description at https://stackoverflow.com/questions/252226/signing-a-windows-exe-file. Use SignTool.exe (from the Windows SDK) to apply a certificate to the .exe, probably after using MakeCert.exe (also from the Windows SDK) to create that self-signed certificate.
-Morgan
Internal Use - Confidential -----Original Message----- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Sent: Wednesday, July 23, 2025 1:09 PM To: Clark, Morgan <Morgan.Clark@dell.com> Cc: x2go-dev@lists.x2go.org Subject: [X2Go-Dev] Re: digitally signed x2go client installer package?
[You don't often get email from mike.gabriel@das-netzwerkteam.de. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
[EXTERNAL EMAIL]
Hi Morgan,
On Mo 14 Jul 2025 15:58:02 CEST, Clark, Morgan wrote:
Hi, This is a note I sent to the x2go-dev list before I managed to find and follow the steps to get myself added to the list. From some back-and-forth with the moderator, it appears that x2go already has a detached signature, but our IT department told me that doesn't work, they need the signature to be embedded in the installer. I gather that the expense of a trusted CA-issued certificate is out of your budget, but it sounded like our IT department would be ok with a self-signed certificate (not ideal but it sounded like that would satisfy the signing requirement). Would it be possible to issue the current Windows release in an internally signed format?
====================================================================
Sometimes, like here, in the corporate world there are restrictions on what software is allowed to be used, and in Dell's case one restriction is that an installer package needs to be digitally signed to verify that the installer we use is in fact the genuine article. Unfortunately the MS Windows installer at http://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe does not appear to be digitally signed, so they won't let us use it.
Would it be possible to create and publish a Windows installer that is digitally signed by the x2go organization? It's a very useful tool for our environment where most of our work is done on systems remote from our desktops, and is better performing and more capable than any alternative we've found, especially over WAN links.
Thanks for considering our request,
-Morgan
We can surely GPG-sign the installer but I am not sure if that is helpful to you.
Of course, we have no current plans as a community to get the X2GoClient_latest_mswin32_setup.exe signed by some official entity such as Microsoft.
So, what kind of signing do you have in mind? Any docs that explain the required process?
Mike
--
DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de/