How do I Microsoft code sign my apps with Xojo?

So, just like I code sign my apps to distribute on the Mac App Store and be seen as a trusted developer on the Apple side, how do I code sign my apps to be recognized as a trusted Microsoft developer?

I use a Comodo certificate and KSoftware’s app to codesign, works well IMO. Other people use other solutions here.

I think the most common around the forum is KSign: http://codesigning.ksoftware.net

I used the one from StartCom https://www.startssl.com

So far works fine for the Windows deployment

Thawte cert and Windows SDK signtool.exe

[quote=303500:@Edwin Lau]I used the one from StartCom https://www.startssl.com

So far works fine for the Windows deployment[/quote]

Unfortunately not anymore:

I have been with Comodo for years, this year I went to Digicert.com to have full authenticode.

But I still use kSign (great free program from kSoftware).

Did those companies state their reasons for changing their policies? I didn’t trust the website about 4 sentences in… And how do we get that root cert update, because Safari is trusting their website and I don’t want it to trust any of their certs.

On Windows I only use Firefox because that browser handles the CAs independently of the OS updates and you can go in a delete or block specific CAs. Chinese post office etc.

Did some research. Apple’s statement on the matter: https://support.apple.com/en-us/HT202858

I discovered you can revoke trust in system level certificates on Mac using Keychain access.
Find the cert, Get Info, expand the Trust section, and change the popup to Never Trust.
I can elaborate if anyone needs more help.

If I recall correctly, they did nothing wrong, but the were bought out by some other company can’t remember the name, who were caught issuing false certificates!

Mozilla is a bit more direct: https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ they seems to have been back-dating certificates and a long list of other breaches.

Unless we are talking freeware or stuff on the cheap, the less than $100 of a decent Comodo certificate for a full year should not be an issue. Better that than go with some shady fly-by-night and regret it later.