Shoutout: Azure Trusted Signing
-
@d-healey yup, the certificate is from Microsoft so the reputation should be fine, but I'm no expert here...
That's what I see when I inspect the signature:
-
Currently InnoSetup 6.0.3 and LazySign (self signing tool) is working for me...
But does this prevent the popup in the installer? Last time I checked this didn't work (I used a self-signed certificate to sign the AAX plugin, but I couldn't get it to silence the installer warning).
-
@Christoph-Hart no it doesn't, but no one ever complains about that as we know. I'm assuming Azure does?
DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
https://dhplugins.com/ | https://dcbreaks.com/
London, UK -
@Christoph-Hart I'll have to do some tests. According to the website it's just base reputation which I believe is a level below what EV provides.
-
but no one ever complains about that as we know.
Yeah it takes a particularly annoying customer that would get vocal about this, but it certainly isn't giving the best first impression. It's not critical and I too have been raw dogging the installers on Windows for years but this is the first time that I think the cost / benefit ratio is reasonable.
According to the website it's just base reputation which I believe is a level below what EV provides.
What additional benefits do the EV certificates have? I just care about getting rid of that nasty popup, I couldn't bother less about making my software more secure lol.
-
@Christoph-Hart said in Shoutout: Azure Trusted Signing:
What additional benefits do the EV certificates have?
If the signed installer doesn't have enough reputation it will be flagged by the smartscreen filter. The user will see warning messages when they try to download or run the installer.
This kind of thing
EV certificate allows you to bypass the reputation building stage - which must be repeated for every new version apparently.
-
@Christoph-Hart said in Shoutout: Azure Trusted Signing:
But does this prevent the popup in the installer?
Submitting to the Defender analysis does, tho it takes 3 weeks. But once you build reputation (either that way or through installs, it won't ever pop up (that was my idea with having an installer that just installs the .dat files you ship with it - you're always shipping the same .exe and don't have to rebuild reputation with SmartScreen for every new patch or plugin.
-
@Christoph-Hart Did you have to go through the whole ordeal of getting a DUNS number?
-
@aaronventure no my Tax ID that I'm using as sole proprietor was fine.
-
@Christoph-Hart is this it here:
Trusted Signing—Managed Signing Services | Microsoft Azure
Secure your applications with a fully managed end-to-end signing service for code, documents, applications, and more with Trusted Signing from Microsoft Azure.
(azure.microsoft.com)
?
DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
https://dhplugins.com/ | https://dcbreaks.com/
London, UK -
@DanH No, the pricing model is mentioned here:
Note that this is preliminary (and I think at the moment it's even free), but I find it quite reasonable.
