First time Code-Signing a Windows app

Mine expires in December 2022. I guess I am going to renew for 5 years (max).

I have a couple of years to go, and getting that was like having a lung removed without anaesthetic.
I cant see a 5 year option… seems like 3 years tops?
And I fear that in a couple of years they will arbitrarily decide that these certs aren’t good enough either.

That’s for a new OV cert. If you renew, you can go up to 5 years. I just send them a mail to ask if longer is also possible. :slight_smile:

1 Like

i used inno setup and ms msix packagaing tool (free from ms store) to build packages for ms store
and let sign ms the app.
it can took one ore more days until an update was proved.
if someone need a app for free i can create codes via ms developer dashboard.
offering a free test phase is also possible.

an MSIX package that you can install on your machine or upload to the Microsoft Store

Notably does not mention “install on someone else’s machine”
I don’t want to use the Microsoft Store.
It seems that if I want to sign an MSIX package for ‘not Microsoft’, then I still need the OV/EV certificate. It doesnt make anything easier.

FWW I get no answer from KSoftware. Also, their website is not update from 2021.
Anyone else has difficulties to reach them?

Dealing with them is almost as fun as self-surgery.

I have just under a year to go on my present certificate and I’m already starting to look at alternatives. I do admit, though, that I rather like their KSign app.

1 Like

In the past they did answer very quickly. Not the case now, so it seems.
It also seems they are now using Sectigo. In the past this was Comodo. EDIT: nevermind Sectigo is the new name for Comodo.

Anyone has experience with Code Signing Certificate, Cheap Comodo Code Signing, Digital Code Signing

Oh boy … K Software Reviews | Read Customer Service Reviews of

Hmmm… created a new thread for this. Code signing certs for Windows thread

1 Like

Oh carp…

Yes, ultimately you’re dealing with Sectigo. That’s what I meant :slight_smile:

I think ksoftware’s biggest problem is having to use a very specific version of Firefox, which is a total pain to get it to not update itself.

Why do these people have to use a specific version of a specific browser?

They are using a deprecated API for key generation. The private key is stored in the browser, and you can’t retrieve the certificate without the matching private key.

4 years ago I used MS Edge to get the private key and public key and that worked fine.

A couple browsers still support it: HTML element: keygen | Can I use... Support tables for HTML5, CSS3, etc

But last I knew, they were also doing browser sniffing and I couldn’t actually use Safari or Edge.

Well, no reply for my emails either
Plenty of ‘why didnt you call me?’ on the review sites
Looks bad.

You should not need a specific browser to download the certificates if you generate them outside of the browser - see Sectigo Code Signing Certificate Problems - #3 by Mike_D

Anyone who slaps a ‘this page is best viewed with Browser X’ label on a Web page appears to be yearning for the bad old days, before the Web, when you had very little chance of reading a document written on another computer, another word processor, or another network.

– Tim Berners-Lee

1 Like

I know all about certificate generation. ksoftware does it via the HTML element and submits the CSR to Sectigo. They need to stop that and do it the more traditional way.

sorry for being offline for some time… pass = password.

Update: I have to mention that this time I didn’t succeed getting the Code Signing Certificate !!
The payment process worked fine - but the download process doesn’t work (I tried with Win an Mac) - I contacted KSpoft Support via mail - received mails vom KSoft that their dupport will contact me in-between one day … until now no response - not good at all !