Azure Trusted Signing and Xojo Apps

I registered as an individual and my name appears on the certificate. I guess the identity on the certificate is the only difference.

Hey I finally got a request for additional documents! That info has been submitted, so now we’ll see how much longer it takes.

2 Likes

I have just made this available to the public: GitHub: jo-tools/ats-codesign


ATS CodeSign | Docker
This example shows how to codesign using Azure Trusted Signing.
Codesigning is using jsign in a Docker Container jotools/ats-codesign. This allows codesigning to be performed on a host machine running on either Windows, macOS or Linux.

Requirements

  • Set up Azure Trusted Signing
    To get you started have a look at the included docs.
    You’ll find some useful links and archived Web content there.
  • Have Docker up and running

It includes a Xojo example project with a Post Build Script.

Once set up with two .json files placed in the user’s home directory (and obviously having ATS set up and Docker ready) this allows the Windows application to be built and codesigned with Xojo running on either Windows, macOS or Linux.


My goal has been to have a universal Post Build Script which I can just copy-and-paste to any of my little leisure time projects. Hit Build in Xojo (which I’m using on Windows at work, on a Mac at home) and have the Windows applications automatically codesigned without having to fiddle with scripts for each and every little Xojo Project, no matter if I’m currently working on macOS or Windows. Oh, and it’s working in Linux, too :wink:

I haven’t tagged a release in GitHub: jo-tools/ats-codesign yet - I intend to try this out on some projects in the next couple of days/weeks (and maybe notice some quirks that can be improved).

Still I hope some of you might find this useful already in this early stage - so enjoy… :slight_smile:

8 Likes

Hello,

finally got my identity approved but could not succeed signing the app, the signtool shows no output at all.
I just have an application error in the events of windows. Kind of annoying

signtool.exe is a bit tricky… needs a current version, minimum .NET 6 runtime, additional .dll’s, …
All I can say is: read this documentation


It says e.g.:

Make sure that you have installed the minimum required dependencies:

  • Windows 10 SDK 10.0.19041 or higher (or Windows 11 SDK). This includes the minimum required version of signtool.exe.
  • .NET 6.0 runtime. If this is not installed, signtool will fail silently without output.

That’s why I’ve created another simpler solution for my leisure time projects: GitHub: jo-tools/ats-codesign.

Super interesting! Thank you for sharing.

I will try again a bit and try your solution

Checked a bit:

  • Got Windows 11 SDK 10.0.26100.0 so I met this part
  • Got .NET 6.0.9 runtime
  • Installed Azure CLI with NuGet

Also noticed that when I point to the dll/json that is outside the signtool folder, it fails.

Now setting up everything in the same folder, I got a “no certificates were found that met all the given criteria”.

So I might have an error in the env variable or in the json file. I was not sure about the value of the AZURE_TENANT_ID and also the CodeSigningAccountName. Will double check that

Yup, that’s looking good already.
That’s most likely because of the currently wrong info in your .json files.

The Melatonin Article: Code signing on Windows with Azure Trusted Signing explains that quite well - even with ScreenShots (e.g. where to find the Azure Tenant Id).
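A preflight check for the two failure modes discussed in the posts above (signtool failing silently without the .NET 6.0 runtime, and certificate errors caused by wrong metadata values), as an added example that is not part of any post or of jo-tools/ats-codesign. The `preflight` function is hypothetical, the sample input is constructed, and the metadata keys other than `CodeSigningAccountName` and the GUID form of `AZURE_TENANT_ID` are assumptions not stated in the thread.

```python
import json
import re

MIN_SDK = (10, 0, 19041)  # minimum Windows SDK version quoted in the thread
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumed metadata keys; only CodeSigningAccountName is named in the thread.
REQUIRED_KEYS = ("Endpoint", "CodeSigningAccountName", "CertificateProfileName")


def preflight(sdk_version, dotnet_runtimes, metadata_text, env):
    """Return a list of problems; an empty list means the basics look sane."""
    problems = []

    # 1. signtool.exe ships with the SDK, so the SDK version bounds it.
    sdk = tuple(int(part) for part in sdk_version.split(".")[:3])
    if sdk < MIN_SDK:
        problems.append(f"Windows SDK {sdk_version} is older than 10.0.19041")

    # 2. Without the .NET 6.0 runtime signtool fails with no output at all.
    #    dotnet_runtimes is the text printed by `dotnet --list-runtimes`.
    found = re.findall(r"^Microsoft\.NETCore\.App (\d+\.\d+)\.", dotnet_runtimes, re.M)
    if "6.0" not in found:
        problems.append(".NET 6.0 runtime not installed (signtool fails silently)")

    # 3. Empty or missing metadata values show up later as certificate errors.
    try:
        meta = json.loads(metadata_text)
        if not isinstance(meta, dict):
            raise ValueError("top level is not a JSON object")
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        problems.append(f"metadata JSON is not usable: {exc}")
        meta = {}
    for key in REQUIRED_KEYS:
        if not str(meta.get(key, "")).strip():
            problems.append(f"metadata JSON: '{key}' is missing or empty")
    if meta.get("Endpoint") and not str(meta["Endpoint"]).startswith("https://"):
        problems.append("metadata JSON: 'Endpoint' is not an https URL")

    # 4. Assumption: AZURE_TENANT_ID holds the directory (tenant) GUID.
    if not GUID.match(env.get("AZURE_TENANT_ID", "")):
        problems.append("AZURE_TENANT_ID is unset or not a GUID")
    return problems


# Constructed sample input, not taken from any real machine or account.
SAMPLE_RUNTIMES = "Microsoft.NETCore.App 6.0.9 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n"
SAMPLE_META = '{"Endpoint": "https://example.invalid/", "CodeSigningAccountName": "", "CertificateProfileName": "demo"}'

if __name__ == "__main__":
    env = {"AZURE_TENANT_ID": "my-tenant-name"}
    for problem in preflight("10.0.26100.0", SAMPLE_RUNTIMES, SAMPLE_META, env):
        print("FAIL:", problem)
```
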

My validation finally was just approved. So it took the better part of a month. For some people it takes hours. For others, it’ll take a while. If you’re going to apply, prepare for that.

There was nothing unusual about my process aside from the length. After a couple weeks they requested proof of domain ownership, which I provided. That was my last update. A few days later they rejected it because the invoice didn’t show my domain name or something like that. I resubmitted the same document, because it DID show the information they needed, and it was accepted a few days later. About a week ago I received a request to verify my email address, and got everything approved today.

Seems like I was singled out for the process to take a very long time for some reason. Maybe because I don’t use Azure for anything else.

2 Likes

Btw - my example project that had been intended to show how to use Azure Trusted Signing on all macOS, Linux and Windows now has a couple more features:

  • CodeSign with either Azure Trusted Signing or a traditional Codesigning Certificate .pfx
  • Create a (codesigned) Windows Installer using InnoSetup.

I’ve put more information about that project in a new thread: Windows Code Signing & Installer Creation with InnoSetup


Back to this topic: I’m still very happy with Azure Trusted Signing - works very well for me (both privately, as well as in the company I’m working for).

And I really think it’s currently (the most?) affordable solution (and of course the “instant trust” as a big benefit)… certainly worth looking into once your traditional .pfx certificates are about to expire.

4 Likes

So how do you get the account ? You sign up for Azure Pay as you go first ?

That’s what I did (per the blog post).

1 Like

OK, let’s see how long it takes for validation. I have a DUNS number and have had since 2019 for this particular company. I’ve validated email and now we will wait. Quite the palaver to get through the setup, but hopefully a more fluid option for the future.

Well, they are not quick as Apple. Been in processing for 10 days now, so time to nudge them. :rofl:

and a nudge works wonders. Seems you have to make a forum post as one to one support is a paid option, but after 4 days it was worked on, had to provide a link to my State Sec. of State business website to prove I had been in existence greater than 3 years and an hour later, all approved. Now onto the next…

3 Likes

Hello,

Seems a bit strange, but I had success signing in March and when I came back to Azure, all data about my app registration / signing disappeared.

I am trying to redo the whole process but now at the step of identity validation, it says “only available in US and Canada”, is there someone experiencing this too?

Julien

Well it seems it changed

As of April 2025, Trusted Signing is restricted to US or Canadian businesses with more than 3 years history. Although individual devs and the rest of the world was earlier supported in the public preview, it’s now restricted until GA (General Availability). There’s no official timeline, but it could be as early as Q2 2025.

That’s only for ->new<- subscriptions.

we are limiting new customer subscriptions as part of the public preview

I’m sorry to hear that… I have signed up as an “individual”, and can still access it in the Azure Portal. That’s in line with your linked Blog saying they’re only restricting new subscriptions until general availability.

Also of course sad that other individuals now need to wait… until they can get this quite cheap code signing subscription.

1 Like

Well I was subscriber of the public preview because I was able to sign, it’s a bit strange