Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: code signing



Permlink Replies: 56 - Last Post: Mar 18, 2018 9:43 AM Last Post By: Mike Margerum
Frank Marousek

Posts: 14
Registered: 10/9/06
code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 10:07 AM
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Mike Margerum

Posts: 590
Registered: 12/1/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 10:23 AM   in response to: Frank Marousek in response to: Frank Marousek
On 3/5/18 1:07 PM, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.

Free.

https://letsencrypt.org
David Erbas-White

Posts: 202
Registered: 10/11/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 10:42 AM   in response to: Mike Margerum in response to: Mike Margerum
On 3/5/2018 10:23 AM, Mike Margerum wrote:
On 3/5/18 1:07 PM, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.

Free.

https://letsencrypt.org

BZZZZZTTT!!! Wrong answer.

Just looked at their site - they do NOT offer code signing (they
explicitly say so). They are for website SSL certificates only.

I use DigiCert myself. I'm not happy with prices of code signing
certificates, but it's part of the cost of doing business...

David Erbas-White

David Keith

Posts: 196
Registered: 12/10/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 11:51 AM   in response to: Frank Marousek in response to: Frank Marousek
On 3/5/2018 13:07, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
We used GoDaddy. Don't like the vendor, but they get the job done.

It's a bit complex as they require the cert to be bound to the
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.

Obviously if you plan on changing binaries, file names, binary
signatures etc. frequently the shorter term might be best. If you don't
anticipate your binary changing much you could opt for the longer term.

Each term is priced based on the length of time the cert will be valid.
At least that's how GoDaddy priced it when we did this a few years ago.,

YMMV

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Luigi Sandon

Posts: 353
Registered: 10/15/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 1:35 AM   in response to: David Keith in response to: David Keith
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Luigi Sandon

Posts: 353
Registered: 10/15/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 1:35 AM   in response to: David Keith in response to: David Keith
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

<message duplicated due to a server error, remove if possible>

Edited by: Luigi Sandon on Mar 7, 2018 10:39 AM
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 5:04 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 5:10 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 5:40 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 6:10 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 6:40 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 7:10 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 7:40 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 8:10 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 8:40 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 8:43 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 9:09 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 9:10 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
Matthew Jones

Posts: 337
Registered: 1/25/98
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 9:15 AM   in response to: Luigi Sandon in response to: Luigi Sandon
Luigi Sandon wrote:

The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.

Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right.
R Sinimae

Posts: 3
Registered: 9/24/16
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 9:10 PM   in response to: Frank Marousek in response to: Frank Marousek
Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/
Mark Marks

Posts: 269
Registered: 9/11/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 5, 2018 9:20 PM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:

Using KSoftware (re-selling Comodo) and we like them for service and
price. Singed app is detected as signed and trusted on all windows
versions without the popups

http://www.ksoftware.net/

Ditto

Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 10:29 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 10:30 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 10:59 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 1:00 PM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 3:05 PM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 5:11 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 5:13 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 5:17 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 5:36 AM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 3:03 PM   in response to: Mark Marks in response to: Mark Marks
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.

On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
Olivier Sannier

Posts: 424
Registered: 8/26/01
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 8:08 AM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:
Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/

Same here, very nicely priced.
Olivier Sannier

Posts: 424
Registered: 8/26/01
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 8:08 AM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:
Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/

Same here, very nicely priced.
Uffe Kousgaard

Posts: 218
Registered: 2/7/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 3:34 AM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:


+1

Using the 4 year certificate now and it isn't the first one from them.
Brandon Staggs

Posts: 683
Registered: 3/3/01
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 5:53 AM   in response to: R Sinimae in response to: R Sinimae
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/

+1 for K-Software.

--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com
Brandon Staggs

Posts: 683
Registered: 3/3/01
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 5:55 AM   in response to: R Sinimae in response to: R Sinimae
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/

+1 for K-Software.

--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com
Uffe Kousgaard

Posts: 218
Registered: 2/7/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 4:14 AM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:


+1

Using the 4 year certificate now and it isn't the first one from them.
Brandon Staggs

Posts: 683
Registered: 3/3/01
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 5:22 AM   in response to: R Sinimae in response to: R Sinimae
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:

Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups

http://www.ksoftware.net/

+1 for K-Software.

--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com
Uffe Kousgaard

Posts: 218
Registered: 2/7/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 14, 2018 12:14 AM   in response to: R Sinimae in response to: R Sinimae
R Sinimae wrote:

Using KSoftware (re-selling Comodo) and we like them for service and
price. Singed app is detected as signed and trusted on all windows
versions without the popups

http://www.ksoftware.net/

+1
Frank Marousek

Posts: 14
Registered: 10/9/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 14, 2018 5:27 AM   in response to: Uffe Kousgaard in response to: Uffe Kousgaard
Thank you to everyone for the feedback. Looks like ksoftware appears to
be a good option and I plan to look into it.
Mike Margerum

Posts: 590
Registered: 12/1/99
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 15, 2018 6:29 AM   in response to: Frank Marousek in response to: Frank Marousek
On 3/14/18 8:27 AM, Frank Marousek wrote:
Thank you to everyone for the feedback. Looks like ksoftware appears to
be a good option and I plan to look into it.

Why doesnt Microsoft handle the signing like apple does with macos and ios?
R Sinimae

Posts: 3
Registered: 9/24/16
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 15, 2018 8:36 AM   in response to: Mike Margerum in response to: Mike Margerum
Mike Margerum wrote:
Why doesnt Microsoft handle the signing like apple does with macos and ios?

You mean charge you $99 per year, require all apps to go thru approval process and can only be distributed thru their app store ?

Thanks but no

Raul

NB! At least for mobile - not familiar enough with macOS side

Edited by: R Sinimae on Mar 15, 2018 8:37 AM
Mike Margerum

Posts: 590
Registered: 12/1/99
Re: code signing [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 18, 2018 9:43 AM   in response to: R Sinimae in response to: R Sinimae
On 3/15/18 11:37 AM, R Sinimae wrote:
Mike Margerum wrote:
Why doesnt Microsoft handle the signing like apple does with macos and ios?

You mean charge you $99 per year, require all apps to go thru approval process and can only be distributed thru their app store ?

Thanks but no

Raul

NB! At least for mobile - not familiar enough with macOS side

Edited by: R Sinimae on Mar 15, 2018 8:37 AM

I assumed we were talking desktop here since both mobile OS require
signing so there's no point in ranting about that.

Windows S requires the approval process no?

You do not have to go through the apple app store to sign an app and
deploy it on MacOS. You do need to sign your app to allow it to run
(gatekeeper) though which is a good thing IMO. Gatekeeper in on by
default which makes sense but you can always run an unsigned app if you
choose to by alt clicking.
Björn Schreiber

Posts: 11
Registered: 10/7/06
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 8:28 AM   in response to: Frank Marousek in response to: Frank Marousek
Am 05.03.2018 um 19:07 schrieb frank@n-c-systems.com:

Anyone got any experiences with this?

First of all some information: http://www.davidegrayson.com/signing/

There are different kinds of code signing certificates. If you only
want to display the correct information in the UAC dialog (bypassing is
not possible), you need a simple code signing certificate from a well
trusted vendor (which root certificate is already known by Windows).
If your customers use Microsofts SmartScreen filter, you might get in
trouble. My last information is that if you use only a simple signing
certificate, you must gain reputation in order to bypass all SmartScreen
warnings. Or you use a code signing certificate with extended validation
(EV) in order to get on the SmartScreen white list automatically.
This is what we use because we had a customer which was not allowed
to bypass Microsoft SmartScreen filter.

At the time we start looking for a proper certificate I had some
problems to get the right information which certificate a vendor offers:
a normal code signing certificate or a certificate with EV. F.e. thawte
only offered simple code signing certificates at that time while
GlobalSign offered certificates with EV, too. A good hint for a EV
certificate seems to be an extra hardware token.

We decided a year ago to buy an 1 year EV certificate from
GlobalSign. We got an USB token, which must be plugged in while signing
our software, using Microsofts signing tool. Each signing process must
be authorized by entering a password.
We now decided to renew the certificate, this time for 3 years which
was much cheaper.
Btw, AFAIK the certificate duration is only good for signing new
software. Already signed programs don't get unusable.

(For the sake of completeness there is a third class of certificates
if you want to sign drivers. But I doubt that you ask for it because you
can't develop drivers using Delphi).

hth,
Björn.
--
DRIGUS Systeme GmbH
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 10:01 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 10:02 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 10:05 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 6, 2018 11:48 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 12:14 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 4:11 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 7, 2018 6:00 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 12:04 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 5:50 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 8, 2018 9:23 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2018 12:42 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 11, 2018 1:26 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: code signing
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 14, 2018 6:59 AM   in response to: Frank Marousek in response to: Frank Marousek
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)

If you take buy links from this Microsoft page:

https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate

you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.

Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.

Angus
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02