So, just like I code sign my apps to distribute on the Mac App Store and be seen as a trusted developer on the Apple side, how do I code sign my apps to be recognized as a trusted Microsoft developer?
I use a Comodo certificate and KSoftware’s app to codesign, works well IMO. Other people use other solutions here.
I think the most common around the forum is KSign: http://codesigning.ksoftware.net
I used the one from StartCom https://www.startssl.com
So far works fine for the Windows deployment
Thawte cert and Windows SDK signtool.exe
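The signtool.exe route mentioned above, as an added example that is not part of the original thread: sign a build with SHA-256 plus an RFC 3161 timestamp, then verify the result. The parameter names, the file path, and the timestamp URL are assumptions; it also assumes the certificate is already installed in the CurrentUser\My store and signtool.exe from the Windows SDK is on PATH.

```powershell
# Added example (not from the thread). All parameter values are supplied by the
# caller; none of them come from the original page.
param(
    [Parameter(Mandatory)] [string] $FilePath,      # binary or installer to sign (hypothetical path)
    [Parameter(Mandatory)] [string] $Thumbprint,    # SHA-1 thumbprint of your code-signing certificate
    [Parameter(Mandatory)] [string] $TimestampUrl   # RFC 3161 timestamp server URL published by your CA
)
$ErrorActionPreference = 'Stop'

# Selecting the certificate from the store by thumbprint avoids passing a PFX
# password on the command line, where it would show up in process listings.
# -CodeSigningCert only returns certificates valid for code signing.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "No code-signing certificate with thumbprint $Thumbprint" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# /fd and /td select SHA-256 for the file digest and the timestamp digest.
# /tr requests an RFC 3161 timestamp so the signature stays valid after the
# certificate itself expires.
& signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

# /pa verifies against the default Authenticode policy, which is what Windows
# applies to applications (the default without /pa is the driver policy).
& signtool.exe verify /pa /v $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

# Independent check through PowerShell: chain must be trusted and a timestamp
# must be present.
$sig = Get-AuthenticodeSignature -FilePath $FilePath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if (-not $sig.TimeStamperCertificate) {
    throw 'Signature is not timestamped; it will stop validating when the certificate expires'
}

[pscustomobject]@{
    File        = $FilePath
    Signer      = $sig.SignerCertificate.Subject
    Issuer      = $sig.SignerCertificate.Issuer
    Timestamper = $sig.TimeStamperCertificate.Subject
    Status      = $sig.Status
}
```

The Issuer field in the output shows which CA chain the signature depends on, which is the thing to re-check if a CA is later distrusted.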
[quote=303500:@Edwin Lau]I used the one from StartCom https://www.startssl.com
So far works fine for the Windows deployment[/quote]
Unfortunately not anymore:
I have been with Comodo for years; this year I went to Digicert.com to have full Authenticode.
But I still use kSign (great free program from kSoftware).
Did those companies state their reasons for changing their policies? I didn’t trust the website about 4 sentences in… And how do we get that root cert update, because Safari is trusting their website and I don’t want it to trust any of their certs.
On Windows I only use Firefox because that browser handles the CAs independently of the OS updates and you can go in and delete or block specific CAs. Chinese post office etc.
Did some research. Apple’s statement on the matter: https://support.apple.com/en-us/HT202858
I discovered you can revoke trust in system level certificates on Mac using Keychain Access.
Find the cert, Get Info, expand the Trust section, and change the popup to Never Trust.
I can elaborate if anyone needs more help.
If I recall correctly, they did nothing wrong, but they were bought out by some other company (can’t remember the name), who were caught issuing false certificates!
Mozilla is a bit more direct: https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ They seem to have been back-dating certificates and a long list of other breaches.
Unless we are talking freeware or stuff on the cheap, the less than $100 of a decent Comodo certificate for a full year should not be an issue. Better that than go with some shady fly-by-night and regret it later.