My old build script has been saving multiple SHAs without problems for years.
Nowadays, when the cert is located on USB TOKEN, the signtool does not seem to store multiple SHAs on EXEs, even when these are both signed in the newer batch file (see below); the file appears to have only SHA384.
I would still like to make my installer exe compatible with older Win7 devices etc.How can I make EXE that is compatible for as wide audience as possible, even if someone uses IExplorer?
MY OLD SCRIPT:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /a %1"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha1 /fd sha1 /a %1"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha384 /fd sha384 /a %1MY NEW SCRIPT (FOR TOKEN):
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /a %1"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha384 /fd sha384 /a %1