First time Code-Signing a Windows app

I had a similar situation. First time around they wouldn’t issue it to my company name, they were only willing to issue it according to what D&B said, which was my real name. After a lot of arguing, I said fine, just issue it in my name. When I got the certificate, it was in my company name. You can’t win with these idiots.

1 Like

Just want to add my two cents on ksoft. I decided I would get a certificate for my Mac and Windows app that I create and distribute as a hobbyist. The instructions on the ksoft site were horrible. They had tutorial videos that did not match what was displayed on the website, for one. Many of their instructions conflicted with other instructions they gave. I tried to follow their instructions as best I could but in the end I thought for sure I would be asking for a refund because I could not seem to get things to work.

Next thing I know, they are asking me for a selfie of me along with my drivers license. After submitting that and waiting, I got an email telling me to get my cert. If I recall correctly, I was able to do this on my Mac even though they insisted it would only work with IE on Windows.

If I decide to renew, I will definitely find a different vendor. Easy for me as a hobbyist and only doing this for my own personal satisfaction - not trying to make a living on it.

On the other hand, ExeWrapper and App Wrapper 4 usage was a breeze.

1 Like

@Thom_McGrath sorry you had a bad experience with ksoftware

I changed my individual license this year to my business name and upon submission of needed to issuance of certificate was 2 days, I even got a phone call from ksoftware to make sure everything went ok

did you go threw a third party or ksoftware?

I have used ksoftware for years and never ran into a problem like that

I didn’t just have one bad experience, I had three.

ok that can sour anyone

Just saying I have not had one bad experience with them

For me, it worked well, too.
But I didn’t ask for an EV signature.

I have always purchased OV signature for almost 6 years now from ksoftware and never ran into a problem.
Matter of fact I have always received a call making sure everything went well

Resuscitating this thread in late summer 2022 as maybe things have changed. Anyone bought certificates recently and can tell me if my understanding described below is correct? I yet another newbie at signing who has a Windows app that I’d like to improve the user’s experience with (I just figured out how to use App Wrapper to sign and notarize the Mac version).

  1. It looks like ksoftware lets you use other browsers now (instead of an old version of Firefox) like IE (How do I export my Code Signing Certificate from Internet Explorer? : K Software). Is this right?

  2. ssl.com indicates that after Nov 15 2022 you will either have to use a cloud signing service (at a monthly fee on top of the certificate cost) or pony up $200 for it to come on a USB token. Is this something they all will be required to do (for example ksoftware too)? See the explanation at the bottom of this page: https://www.ssl.com/certificates/code-signing/

  3. ksoftware has a free app call kSign. Does this do the same thing as ExeWrapper but running on Windows? Is there anything special about ExeWrapper I should be excited about? The website description is pretty short and maybe assumes the reader already knows all about signing.

  4. Are there recommended (hopefully free) tools to create the installer itself for windows? I see the OP’s Install Creator mention. Are there others?

Thanks in advance. This thread was already helpful. Just seeing if there is newer info.

I went through this in January, I hope things are better now? See https://forum.xojo.com/t/sectigo-code-signing-certificate-problems

There is InnoSetup which creates modern looking setups for apps. It can also call a code signing software to sign everything within the process. InnoSetup is free and you can support development by donating to the developers.

1 Like

Inno Setup is great, free, easy, and well documented. Highly recommend.

Getting the actual code-signatures to use: that’s the big problem.

my experience with kSoftware:

  1. I didn’t succeed downloading the certificate via browser last year and spent a lot of time trying. Then I wrote a mail to kSoftware support and after a while they sent me the Code Signing Certificate. (not the pass - I had to ask for this extra :wink:
    These days my CSD expires, hopefully the renewal process by email will work again - I even didn’t try to go the “browser-way”.
  2. kSign works fine - just download it and try.
  3. As Mike D says - Inno Setup also works fine :slight_smile:

Whats a pass?

Well that site just clued me into some very onerous changes coming to certificate issuance. OV certificates are about to become as much of a hassle as EV certificates.

This really sucks.

This sounds ominous… I tried to follow the webpage but dont understand it.
What does this mean in simple terms for signing windows apps for web distribution?

You’ll need a yubikey and an adapter program to allow it to work with signtool.

Do I understand if you buy a new OV cert before 15 November, you can use the current way to codesign? If this is the case, I may buy a new OV cert that last 5 years or so.

Holy forking shirtballs.
This is getting stupid - I have no idea how to do that.

1 Like

I don’t yet either. Mine expires in 2024, so I’m not sure what I want to do. ssl.com will sell me 10 years for $640, but I’d be wasting a significant amount of time. I think they’re already using the new system though, as they’ll happily charge you $200 for a $50 yubikey.

I think I might just wait and adapt. It’ll need to happen eventually anyway.