Steps to reproduce
I am sure you have your own ftp site to try this on but if you want to download my msi and verify it yourself with signtool then here you go:
IE and Edge should not be telling users that the signature is invalid when in fact it is.
Dev Channel specific:
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “Sermet I.”
Changed Assigned To from “Sermet I.” to “IE S.”
Changed Status to “By design”
Thank you for providing this information about the issue. Edge and IE are working as designed; the msi is signed with an SHA1 certificate, which is no longer considered valid. Please refer to http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx for information about this change.
The MS Edge Team