For my apps on Apple, I have an Apple developper account and App Wrapper.
And to sign my apps on Windows, I bought a pfx file and I use ExeWrapper.
But I found that I can export my Apple certificate as a p12 file with Keychain Access and use it with ExeWrapper to sign my Windows apps.
The app runs OK on Windows via Parallels on my Mac.
And I ask me if that is OK to distribute apps?
Apple Certificate on Windows will not do anything for you. Since its not validated in any way on Windows. So basically will do same as self signed certificate.
I have an Apple certificate as well. For Windows I have one from Sectigo.
Which brings up another point. I have well over a year to go before I have to update the Sectigo certificate, but it’s not too early to start sniffing out alternatives. Dealing with them is not quite as much fun as pulling out one’s liver.
@Jerry_Fritschle
agreed it is a hassle every time
I just went through this with them and providing all requested information and last time order info it was just a huge hassle
Since Windows certificates are such a monumental hassle and SmartScreen builds reputation off the certificate, you should always buy the longest certificate you can afford. I did a 3 year last time. Next time around I’m buying a 10 year certificate from ssl.com so I don’t have to think about it again for a long while.
Are you all suggesting that our WebApps with a digital certificate (ie AppName.crt) will need to have that file replaced fairly frequently, or will it keep working for expired certificates?
Did you end up getting a 10 year cert from ssl.com? If so, did you do EV or OV? Did you resolve the issues with automating signing during the build process?
I have not. Mine doesn’t expire until June 2024 so I’m not shopping around for a while.
But I do have experience I can share. I’ve had to deal with an EV certificate from ssl.com and it’s a monstrous pain in the ■■■to automate signing. You basically cannot. You can sign whatever you want using their web interface, or use their CodeSignTool command line app to do the signing. But that comes with two massive caveats. First, the tool requires answering a y/n prompt to write the signed file to the same location, which is necessary when building with InnoSetup. I managed to use a Java decompiler to look at the code and figured out a way to pipe a “y” to their tool, so there’s at least some way to do it. But the second caveat is that CodeSignTool costs $10 per file signed. So a typical build would probably cost a couple hundred dollars. That makes it a total deal breaker.
An OV should not require this insanity, but with the upcoming changes, I can’t say that confidently.