Authenticode signatures can help identify the publisher of a binary file and can help ensure that a binary file has not been modified since publication. In addition, when an application launches on Microsoft Windows 10/8.1/7, User Account Control (UAC) determines whether to grant the application administrator privileges and displays your company as the publisher when confirming elevation. Refer to Microsoft documentation for more information about Authenticode signatures.

Add an Authenticode signature to a TestStand user interface you create when you plan to allow users to download the user interface from a non-trusted public site and you want the operating system to identify your company as the publisher of the user interface. Also add an Authenticode signature to a user interface you create when the user interface requires administrator privileges to run on Windows and you want the UAC elevation prompt to identify your company as the publisher of the user interface.

To verify an Authenticode signature, the requesting computer must connect to the Internet to obtain a current Certificate Revocation List (CRL). For .NET applications, the .NET Common Language Runtime (CLR) verifies Authenticode signatures for assemblies. If the computer that loads the assembly is not connected to the Internet, the CLR waits 15 seconds before timing out.

Complete the following steps to disable CRL validation in Microsoft Internet Explorer to avoid the timeout period on the computer, even when the default browser on the computer is not Internet Explorer. Using the Internet Explorer Internet Options to disable CRL validation does not expose the computer to any additional security threats.

  1. Navigate to the standard Windows Control Panel facility for Internet options and click the Advanced tab.
  2. In the Security section, disable the Check for publisher's certificate revocation option.

Alternatively, you can disable CRL validation by setting the registry key value of HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State to 0x00023e00. To enable CRL validation, set the registry key value to 0x00023c00.

When you disable CRL validation to avoid the timeout period, the CLR does not validate Authenticode-signed assemblies and does not grant the assemblies publisher evidence or publisher identity permissions, which is the same result when a timeout occurs. If the assemblies need these permissions, the computer must connect to the Internet or you must download a current CRL every 10–15 days.

As an alternative to disabling CRL validation for the entire computer, you can work around CRL validation if an application that uses the .NET Framework 2.0 and that has an Authenticode signature experiences the 15-second load time delay. Microsoft provides a fix you can download so you can correct this delay for .NET Framework 2.0 applications. The .NET Framework 2.0 Service Pack 1 also includes this fix. Refer to the Microsoft support article at support.microsoft.com/kb/936707 for more information about correcting delays in .NET Framework 2.0 applications that use Authenticode signatures.

The TestStand Sequence Editor and user interface examples do not include Authenticode signatures because NI distributes TestStand through trusted channels and because the sequence editor and user interface examples do not require administrator privileges to run on Windows. Additionally, NI finds the 15-second load time delay on isolated networks unacceptable and believes that you should use discretion when disabling CRL validation. Therefore, when you run the sequence editor or example user interfaces as administrator on Windows, the UAC elevation prompt does not identify the sequence editor or example user interface as a NI product.