|
Replies:
56
-
Last Post:
Mar 18, 2018 9:43 AM
Last Post By: Mike Margerum
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
|
|
|
Posts:
590
Registered:
12/1/99
|
|
On 3/5/18 1:07 PM, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Free.
https://letsencrypt.org |
|
|
|
|
Posts:
202
Registered:
10/11/99
|
|
On 3/5/2018 10:23 AM, Mike Margerum wrote:
On 3/5/18 1:07 PM, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Free.
https://letsencrypt.org
BZZZZZTTT!!! Wrong answer.
Just looked at their site - they do NOT offer code signing (they
explicitly say so). They are for website SSL certificates only.
I use DigiCert myself. I'm not happy with prices of code signing
certificates, but it's part of the cost of doing business...
David Erbas-White |
|
|
|
|
Posts:
196
Registered:
12/10/99
|
|
On 3/5/2018 13:07, Frank Marousek wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
We used GoDaddy. Don't like the vendor, but they get the job done.
It's a bit complex as they require the cert to be bound to the
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.
Obviously if you plan on changing binaries, file names, binary
signatures etc. frequently the shorter term might be best. If you don't
anticipate your binary changing much you could opt for the longer term.
Each term is priced based on the length of time the cert will be valid.
At least that's how GoDaddy priced it when we did this a few years ago.,
YMMV
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus |
|
|
|
|
Posts:
353
Registered:
10/15/99
|
|
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked. |
|
|
|
|
Posts:
353
Registered:
10/15/99
|
|
development machine, it expires and has to be renewed etc. So depending
on how long you anticipate your binary being downloadable, you may want
a 1,2 or 3 year cert.
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
<message duplicated due to a server error, remove if possible>
Edited by: Luigi Sandon on Mar 7, 2018 10:39 AM |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
337
Registered:
1/25/98
|
|
Luigi Sandon wrote:
The certificate has to be valid at the time the application is signed - and the signature timestamped. The timestamp ensures the signature is valid even after the certificate has expired, as long as it isn't revoked.
Indeed, that is the way anyone would normally want it to be done. The timestamp keeps it alive forever. However, it is (unusually) possible to not time stamp it so that it does indeed expire, and thus becomes less usable (probably will run anyway, but without valid certificate any more). You'd have to be wanting something special to do this, or you forgot to do it properly, which is more likely. Worth knowing about though to be sure you get it right. |
|
|
|
|
Posts:
3
Registered:
9/24/16
|
|
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/ |
|
|
|
|
Posts:
269
Registered:
9/11/00
|
|
R Sinimae wrote:
Using KSoftware (re-selling Comodo) and we like them for service and
price. Singed app is detected as signed and trusted on all windows
versions without the popups
http://www.ksoftware.net/
Ditto |
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you for all the suggestions, particularly the suggestion of
KSoftware. After looking over their site, I think I plan to pursue that
option.
On a related note, I've heard that it can be tricky to initiate this
process. Someone mentioned that the Godaddy cert is tied to the
development machine. I've also heard that the process needs to be
initiated from an email that uses the company domain i.e. no gmail
accounts. Anything along these lines I should watch out for?
|
|
|
|
|
Posts:
424
Registered:
8/26/01
|
|
R Sinimae wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/
Same here, very nicely priced. |
|
|
|
|
Posts:
424
Registered:
8/26/01
|
|
R Sinimae wrote:
Anyone got any experiences with this? There seems to be a handful of
major players (Comodo, Symantec, Godaddy, Globalsign, etc.) providing
this who all more or less provide the same thing? Are there any
specifics I should be looking out for? I just need to make a simple
application downloadable from our company web site and would like to
eliminate the warnings when the application is installed.
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/
Same here, very nicely priced. |
|
|
|
|
Posts:
218
Registered:
2/7/00
|
|
R Sinimae wrote:
+1
Using the 4 year certificate now and it isn't the first one from them. |
|
|
|
|
Posts:
683
Registered:
3/3/01
|
|
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/
+1 for K-Software.
--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com |
|
|
|
|
Posts:
683
Registered:
3/3/01
|
|
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/
+1 for K-Software.
--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com |
|
|
|
|
Posts:
218
Registered:
2/7/00
|
|
R Sinimae wrote:
+1
Using the 4 year certificate now and it isn't the first one from them. |
|
|
|
|
Posts:
683
Registered:
3/3/01
|
|
"R Sinimae" wrote on Mon, 5 Mar 2018 21:10:10 -0800:
Using KSoftware (re-selling Comodo) and we like them for service and price.
Singed app is detected as signed and trusted on all windows versions without the popups
http://www.ksoftware.net/
+1 for K-Software.
--
Brandon Staggs
StudyLamp Software LLC
http://www.studylamp.com |
|
|
|
|
Posts:
218
Registered:
2/7/00
|
|
R Sinimae wrote:
Using KSoftware (re-selling Comodo) and we like them for service and
price. Singed app is detected as signed and trusted on all windows
versions without the popups
http://www.ksoftware.net/
+1 |
|
|
|
|
Posts:
14
Registered:
10/9/06
|
|
|
Thank you to everyone for the feedback. Looks like ksoftware appears to
be a good option and I plan to look into it.
|
|
|
|
|
Posts:
590
Registered:
12/1/99
|
|
On 3/14/18 8:27 AM, Frank Marousek wrote:
Thank you to everyone for the feedback. Looks like ksoftware appears to
be a good option and I plan to look into it.
Why doesnt Microsoft handle the signing like apple does with macos and ios? |
|
|
|
|
Posts:
3
Registered:
9/24/16
|
|
Why doesnt Microsoft handle the signing like apple does with macos and ios?
You mean charge you $99 per year, require all apps to go thru approval process and can only be distributed thru their app store ?
Thanks but no
Raul
NB! At least for mobile - not familiar enough with macOS side
Edited by: R Sinimae on Mar 15, 2018 8:37 AM |
|
|
|
|
Posts:
590
Registered:
12/1/99
|
|
On 3/15/18 11:37 AM, R Sinimae wrote:
Why doesnt Microsoft handle the signing like apple does with macos and ios?
You mean charge you $99 per year, require all apps to go thru approval process and can only be distributed thru their app store ?
Thanks but no
Raul
NB! At least for mobile - not familiar enough with macOS side
Edited by: R Sinimae on Mar 15, 2018 8:37 AM
I assumed we were talking desktop here since both mobile OS require
signing so there's no point in ranting about that.
Windows S requires the approval process no?
You do not have to go through the apple app store to sign an app and
deploy it on MacOS. You do need to sign your app to allow it to run
(gatekeeper) though which is a good thing IMO. Gatekeeper in on by
default which makes sense but you can always run an unsigned app if you
choose to by alt clicking. |
|
|
|
|
Posts:
11
Registered:
10/7/06
|
|
Am 05.03.2018 um 19:07 schrieb frank@n-c-systems.com:
Anyone got any experiences with this?
First of all some information: http://www.davidegrayson.com/signing/
There are different kinds of code signing certificates. If you only
want to display the correct information in the UAC dialog (bypassing is
not possible), you need a simple code signing certificate from a well
trusted vendor (which root certificate is already known by Windows).
If your customers use Microsofts SmartScreen filter, you might get in
trouble. My last information is that if you use only a simple signing
certificate, you must gain reputation in order to bypass all SmartScreen
warnings. Or you use a code signing certificate with extended validation
(EV) in order to get on the SmartScreen white list automatically.
This is what we use because we had a customer which was not allowed
to bypass Microsoft SmartScreen filter.
At the time we start looking for a proper certificate I had some
problems to get the right information which certificate a vendor offers:
a normal code signing certificate or a certificate with EV. F.e. thawte
only offered simple code signing certificates at that time while
GlobalSign offered certificates with EV, too. A good hint for a EV
certificate seems to be an extra hardware token.
We decided a year ago to buy an 1 year EV certificate from
GlobalSign. We got an USB token, which must be plugged in while signing
our software, using Microsofts signing tool. Each signing process must
be authorized by entering a password.
We now decided to renew the certificate, this time for 3 years which
was much cheaper.
Btw, AFAIK the certificate duration is only good for signing new
software. Already signed programs don't get unusable.
(For the sake of completeness there is a third class of certificates
if you want to sign drivers. But I doubt that you ask for it because you
can't develop drivers using Delphi).
hth,
Björn.
--
DRIGUS Systeme GmbH |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
|
Posts:
205
Registered:
3/17/00
|
|
Anyone got any experiences with this? There seems to be a handful
of major players (Comodo, Symantec, Godaddy, Globalsign, etc.)
If you take buy links from this Microsoft page:
https://msdn.microsoft.com/windows/hardware/drivers/dashboard/get-a-code-signing
-certificate
you will find the certificate prices offered are mostly less, often much less,
than the vendors web sites. No idea how or why, but it works. Around $100 a
year for Digicert/Symantec.
Also make sure you use signtool from the latest Windows 10 windows kit, and
that you sign with both both sha1 and sha256 time stamps.
Angus |
|
|
|
Legend
|
|
Helpful Answer
(5 pts)
|
|
Correct Answer
(10 pts)
|
|
Connect with Us