We have signed our product installation using SignTool.exe and GoDaddy certificate, and our signature appears valid in windows and using "verify" option of SignTool. However, when the file is downloaded in Internet Explorer 9, it reports that "The signature of is corrupt or invalid".
We obviously don't want our users to have problems with installation of our setup, so I need help in fixing it. Strange that there is basically no help on this issue online.
Microsoft released a security update on January 12th 2016. This update has changed the way Windows enforces authenticode code signing and timestamping.
If your code signing certificate has a SHA1 signature, anything signed with such a certificate after the end of 2015 was being flagged as an invalid signature. So you will need to have your certificate re-issued to meet the new requirements.
Take a look at this article: Renew your Windows code signing certificates by December 31, 2015.