Codesigning - Windows
-
@d-healey i just bought a windows asus duo pc. with all that there are recent folds inside. I had a message of this style, that my plugin was surely something not verified and therefore dangerous. I simply cut my perfume and their crappy antivirus. and everything is ok. i really hope windows won't piss off like mac with their crappy certificate. sorry I had to evacuate ^^
-
Just Bundle The .dll Files, And Give The Choice To Your Customer, It Works For Me.
And Remember Windows People Are Not Mac Cutey Teenagers, They Do Hack Stuffs, And Know The Environment Of Windows Very Well...
So Copy & Pasting Dll Files Are More Welcome Here -
@Christoph-Hart Which company did you buy the certificate from?
-
I'm using https://comodosslstore.com/
-
@dustbro Ok so you buy a certificate - what next?
-
Me trying to remember the company:
-
@Lindon Install the certificate on your machine (.p12 file), and then pass the private key to your code signing software.
I'm using Pace, so I add it to the command line wrap configuration with:--signid <your dsig ID>
-
@dustbro "Pace" --- shudder....;-)
-
The price is prohibitive, so maybe when I'm sure to earn enough I'll have a second thought...
-
@Christoph-Hart said in Codesigning - Windows:
Ok, I will list you the order of events that I went through when trying to acquire a code-signing certificate:
I'm at about step 6 here and I think I'm going to give up. Agreed, probably not worth it.
-
@Lunacy-Audio said in Codesigning - Windows:
@Christoph-Hart said in Codesigning - Windows:
Ok, I will list you the order of events that I went through when trying to acquire a code-signing certificate:
I'm at about step 6 here and I think I'm going to give up. Agreed, probably not worth it.
Yes definately. I can live without doing it and it's not worth it.
-
@dustbro have you actually paid for that extra smartscreen thingie? I found that to be particularly scammy as it's literally "Give me money or I will harass your customers for no reason".
The more I think about the subject the more I wonder why this is legally possible...
-
@Christoph-Hart said in Codesigning - Windows:
The more I think about the subject the more I wonder why this is legally possible...
Money makes anything legal...
-
Clearest instructions I've found so far https://www.ssl.com/how-to/using-your-code-signing-certificate/
-
@d-healey but it starts at list item #14 in my procedure ;)
-
@d-healey so then I should be able to use my Apple Developer Application Certificate - as I think this exports as a P12 file....
-
@Lindon Nope that doesn't work. Apple is not a certified signing entity on Windows. Now why that is the case and why a bullshit company like Comodo should be anymore trustworthy than Apple, speaks volumes about the actual motives behind this.
https://stackoverflow.com/questions/12468783/code-sign-windows-programs-with-apple-certificate
-
@Christoph-Hart thanks - Yes the politics is pretty stinky.... hey ho...
-
I finally looked into this. The process for me was mostly painless, just a bit slow.
First, if you're not getting an EV certificate then I don't think there is any point in going any further. To get an EV certificate requires you to pay more and jump through some hoops.
I bought the EV certificate from signmycode.com. No matter which company you buy from it seems all the certificates come from Sectigo/Comodo, so just find the cheapest you can. Gone are the days when the prices @Dan-Korneff posted were available. You're looking at 3x that price now.
Next they want to verify who you are. This involves giving them details about your business (you must have a business to get an EV certificate).
I have a registered limited company in the UK, so I'm off to a good start. Then I also got a phone call where I had to give more info.
Then came the waiting. Two weeks later (today) a dongle arrives. I plug it into my Windows VM, download their certificate management software, login with the password they emailed me, and accessed my certificate.
Then it's a one line command (which they provided in the email) to codesign my binary.
So I'm quite happy, except for the expense and waiting. The process was very easy for me. If you don't have a registered business and D.U.N.S number then it will be more difficult for you.
-
I am using ssl. com code signing certificate since a long.