Back when SHA-1 certificates were being phased out, you could double sign an executable using SHA-1 and SHA-256 to maintain compatibility with Windows XP validation.
When I renewed my code signing certificate I bought an EV certificate to avoid the period where Windows pops up warnings because it is a new and unknown certificate.
I wondered whether it is possible to get a new certificate overlapping the old one, and maybe double sign the executable so by the time the first one expires the new one has some history? Or maybe distribute executables signed by the new certificate inside the installer signed by the old one?
3-year standard certificates overlapping by e.g. 12 months would be a much better proposition than buying EV certificates.
Does anyone know whether this is feasible?