Do signed assemblies/dlls require net connection for validation at startup

Created: 17 Dec 2013 • Updated: 06 Jun 2014 | 1 comment
This issue has been solved. See solution.

My company provides Windows-based software products to clients in the form of DLLs and exes (both managed/.NET and unmanaged). Some of our clients run our products on machines that have no internet/network connection in isolated environments. We're wondering if we should sign (i.e., using Symantec Code Signing) our exes/dlls, as we've seen posts of long DLL load times as validation occurs at startup that requires an internet connection. Is this a concern?

Related questions:

1) Does a signed DLL/EXE attempt to validate its signing/certificate at startup to the point that a network/internet connection is required or optimal?

2) Do things work differently for the above based on whether managed or unmanaged DLLs?

3) Does the generatePublisherEvidence property setting influence the above?

DomSYMC:

Code signing does not require any internet connection in order to check the certificate at time of download or installation of a signed application.

What is happening when a customer is downloading your application, let's say from a CD for example, is that the certificate is referencing the already installed roots that are already installed on your customer's operating system. So when a customer is connecting without an internet connection they will still be able to trust the certificate and not get an unknown publisher from your signed application.
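
The check described in the answer, as an added example that is not part of the original thread: a PowerShell script that reads a file's Authenticode signer and builds its certificate chain against the machine's installed roots, once with revocation lookups disabled and once using only cached revocation data, so it can be run on an isolated machine. The `$Path` parameter and the `Test-LocalChain` helper are names made up for this example.

```powershell
param(
    [Parameter(Mandatory)]
    [string]$Path   # signed EXE/DLL to inspect; supplied by the caller (example parameter)
)

# Hypothetical helper for this example: build the signer's chain using only
# what is already on the machine, under the given revocation mode.
function Test-LocalChain {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    try {
        $built = $chain.Build($Certificate)
        $count = $chain.ChainElements.Count
        $root  = if ($count -gt 0) { $chain.ChainElements[$count - 1].Certificate.Subject } else { '' }
        [pscustomobject]@{
            RevocationMode = $RevocationMode
            ChainBuilt     = $built
            TopOfChain     = $root
            # Empty when the chain is clean. X509Chain evaluates validity at the
            # current time and does not take an Authenticode timestamp into account.
            ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally {
        $chain.Reset()
    }
}

$sig = Get-AuthenticodeSignature -LiteralPath $Path
if (-not $sig.SignerCertificate) {
    Write-Output "No Authenticode signature found on $Path"
    return
}

# The Authenticode verdict for the file itself (Valid, NotSigned, HashMismatch, ...).
Write-Output ("Signature status: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)

# NoCheck: no revocation lookup at all. Offline: cached CRLs only, no network fetch.
foreach ($mode in 'NoCheck', 'Offline') {
    Test-LocalChain -Certificate $sig.SignerCertificate -RevocationMode $mode
}
```

Saved under a file name of your choosing and run with `-Path` pointing at one of the signed binaries, it prints the signature status and one result row per revocation mode.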