Windows codesigning certificate - Any suggestions?

HISEnberg

I've been putting it off for too long now. What does everyone use? Any "painful" experiences with any that I should stay away from?

d.healey

@HISEnberg I use this - https://signmycode.com/comodo-ev-code-signing

It's expensive and you need to have a registered company.

If you're in the US or Canada, and you're a registered company, you can use Azure codesigning which is much cheaper - https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/

HISEnberg

@d-healey yesss I tried Azure but I don’t have a registered company so both of those are off the table for me I believe

dannytaurus

@HISEnberg Might be an idea to wait and see how the Azure system rolls out.

Sounds like they'll open it up more over time.

Lindon

@d-healey said in Windows codesigning certificate - Any suggestions?:

@HISEnberg I use this - https://signmycode.com/comodo-ev-code-signing

It's expensive and you need to have a registered company.

If you're in the US or Canada, and you're a registered company, you can use Azure codesigning which is much cheaper - https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/

I spoke to someone in sales at M'soft this last week about this - and they said I can sign with azure even tho I'm in the UK and not a registered company....but they were in sales....

d.healey

@HISEnberg said in Windows codesigning certificate - Any suggestions?:

so both of those are off the table for me

You can still go with signmycode, you just can't get an EV certificate, you have to go with the standard one.

jack_scott

@d-healey said in Windows codesigning certificate - Any suggestions?:

@HISEnberg said in Windows codesigning certificate - Any suggestions?:

so both of those are off the table for me

You can still go with signmycode, you just can't get an EV certificate, you have to go with the standard one.

I've bought Certera codesigning from them last year. Satisfied so far.

jeffd

@d-healey
does the standard certifcate work to thwart the Microsoft defender smartscreen ?

i know that some plugins i install from legit devs still look like they are from untrusted sources.

im not really sure how this works...
ive read that getting rid of that defender smartscreen depends upon the number of installations, and then it will be gradually removed over the period of time.

jeffd

@jeffd
also saw this

HISEnberg

@dannytaurus Yes I have been waiting for Azure to open up for some time now. It looks like the best solution for price point for sure. Like @d-healey mentioned, it's only available in Canada & the USA, which applies to me, but you have to have a registered business that is at least 3 years old, which disqualifies me (and they are quite adamant about this, I already got rejected).

After what @Lindon mentioned I opened a support ticket and they literally called me as I was writing this. They told me it was possible to open without a business, but I think the customer support has no idea what they are talking about. I'll try and keep this thread alive if I have any success.

I'm gonna probably pull the trigger on an IV Code-Signing in the meantime and narrowed it down to SSL.com: $129/year (it's the cheapest and is cloud-based, no dongle).

@jeffd in short no, the standard certificate (IV Code signing) won't get rid of the warning, but should stop antivirus software and microsoft from interrupting the install process. If you have this certificate and your plugin has enough downloads, the virus warning will eventually go away.

I believe the EV certificate will remove the warning altogether, but you need a registered business and a willingness to say goodby to a few hundred dollars a year.

Interesting warning you posted though, it sounds like "All code signing certificates (EV and non-EV) will be treated equally" if they meet the Microsoft Standards. The language is very particular and obscure.