Shoutout: Azure Trusted Signing
-
@Christoph-Hart no it doesn't, but no one ever complains about that as we know. I'm assuming Azure does?
DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
https://dhplugins.com/ | https://dcbreaks.com/
London, UK -
@Christoph-Hart I'll have to do some tests. According to the website it's just base reputation which I believe is a level below what EV provides.
-
but no one ever complains about that as we know.
Yeah it takes a particularly annoying customer that would get vocal about this, but it certainly isn't giving the best first impression. It's not critical and I too have been raw dogging the installers on Windows for years but this is the first time that I think the cost / benefit ratio is reasonable.
According to the website it's just base reputation which I believe is a level below what EV provides.
What additional benefits do the EV certificates have? I just care about getting rid of that nasty popup, I couldn't bother less about making my software more secure lol.
-
@Christoph-Hart said in Shoutout: Azure Trusted Signing:
What additional benefits do the EV certificates have?
If the signed installer doesn't have enough reputation it will be flagged by the smartscreen filter. The user will see warning messages when they try to download or run the installer.
This kind of thing
EV certificate allows you to bypass the reputation building stage - which must be repeated for every new version apparently.
-
@Christoph-Hart said in Shoutout: Azure Trusted Signing:
But does this prevent the popup in the installer?
Submitting to the Defender analysis does, tho it takes 3 weeks. But once you build reputation (either that way or through installs, it won't ever pop up (that was my idea with having an installer that just installs the .dat files you ship with it - you're always shipping the same .exe and don't have to rebuild reputation with SmartScreen for every new patch or plugin.
-
@Christoph-Hart Did you have to go through the whole ordeal of getting a DUNS number?
-
@aaronventure no my Tax ID that I'm using as sole proprietor was fine.
-
@Christoph-Hart is this it here:
https://azure.microsoft.com/en-us/products/trusted-signing#pricing
?
DHPlugins / DC Breaks | Artist / Producer / DJ / Developer
https://dhplugins.com/ | https://dcbreaks.com/
London, UK -
@DanH No, the pricing model is mentioned here:
Note that this is preliminary (and I think at the moment it's even free), but I find it quite reasonable.
-
@Christoph-Hart said in Shoutout: Azure Trusted Signing:
I used a self-signed certificate to sign the AAX plugin
I've just setup Azure signing for my upcoming packaging course and have been following various guides online - all of which seem to be slightly wrong or confusing.
For AAX signing if you're following the Koala DSP guide it has a whole setup thing about using a python and batch script. Ignore that, go to the PACE documentation and look-up the
--explicitsigningoptionsflag, it includes an example. Just copy that and you're good to go.It's important to put quotes around all file paths and if you have nested file paths you'll need to escape the quotes on the inner paths (
\"mypath\").
