Sign app on Windows with Apple certificate?

Hello,

For my apps on Apple, I have an Apple developer account and App Wrapper.
And to sign my apps on Windows, I bought a pfx file and I use ExeWrapper.
But I found that I can export my Apple certificate as a p12 file with Keychain Access and use it with ExeWrapper to sign my Windows apps.
The app runs OK on Windows via Parallels on my Mac.
And I wonder if that is OK for distributing apps?

An Apple certificate on Windows will not do anything for you, since it's not validated in any way on Windows. So basically it will do the same as a self-signed certificate.

1 Like

As someone recently emailed me about this I feel the need to point out:

Apple is not a CA for Microsoft Authenticode. Windows will reject the signature. This does not work.

2 Likes
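A way to check this on a build, as an added example that is not part of the thread: the app launching on a test machine says nothing about whether Windows trusts the signature, so ask Windows for the Authenticode status of each output file and fail the build on anything other than `Valid`. `$BuildDir` and its default value are hypothetical; the cmdlets and properties are standard PowerShell.

```powershell
# Added example: gate a build on the Authenticode trust status of its outputs.
# $BuildDir is a hypothetical parameter; point it at your own build folder.
param(
    [string]$BuildDir = '.\Builds\Windows'
)

$files = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.exe, *.dll, *.msi
if (-not $files) {
    Write-Error "No signable files found under $BuildDir"
    exit 1
}

$report = foreach ($file in $files) {
    # Status is Valid only when the hash matches AND the signer chains to a
    # root that this Windows machine trusts for code signing.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File        = $file.Name
        Status      = $sig.Status
        Subject     = $sig.SignerCertificate.Subject   # empty when unsigned
        Issuer      = $sig.SignerCertificate.Issuer
        NotAfter    = $sig.SignerCertificate.NotAfter
        # A timestamp countersignature lets the signature outlive the
        # certificate's expiry date.
        Timestamped = [bool]$sig.TimeStamperCertificate
        Message     = $sig.StatusMessage
    }
}

$report | Format-List

# Anything other than Valid (unsigned, hash mismatch, untrusted chain)
# fails the build.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Error "$($bad.Count) file(s) are unsigned or not trusted by Windows."
    exit 1
}
```

Run it on a clean Windows machine or VM rather than the build box, since a development machine may have extra root certificates installed that end users do not.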

I have an Apple certificate as well. For Windows I have one from Sectigo.

Which brings up another point. I have well over a year to go before I have to update the Sectigo certificate, but it’s not too early to start sniffing out alternatives. Dealing with them is not quite as much fun as pulling out one’s liver. :slight_smile:

@Jerry_Fritschle
Agreed, it is a hassle every time.
I just went through this with them, and providing all the requested information and last time's order info was just a huge hassle.

1 Like

Since Windows certificates are such a monumental hassle and SmartScreen builds reputation off the certificate, you should always buy the longest certificate you can afford. I did a 3 year last time. Next time around I’m buying a 10 year certificate from ssl.com so I don’t have to think about it again for a long while.

Agreed, as I bought a 3 year so I would not have to deal with the above-mentioned.

BUT some cannot do that and have to do yearly, and I feel that pain as I have done that for many years.

Yes, 3 year here as well (I think the one it replaced was 5 year, but that option was gone.)

Thanks for the recommendation. :slight_smile:

1 Like

Are you all suggesting that our WebApps with a digital certificate (i.e. AppName.crt) will need to have that file replaced fairly frequently, or will it keep working for expired certificates?

This discussion pertains to code signing desktop applications.

Ah, thank you

Hmm…from renewal time, ten years would put me into my mid-seventies. I should do that as a sign of optimism. :slight_smile:

1 Like

@Jerry_Fritschle = Jerry_Fritschle + 10 :slight_smile:

1 Like

Thanks for your responses!

Hi Thom,

Did you end up getting a 10 year cert from ssl.com? If so, did you do EV or OV? Did you resolve the issues with automating signing during the build process?

Thanks for any advice!

I have not. Mine doesn’t expire until June 2024 so I’m not shopping around for a while.

But I do have experience I can share. I’ve had to deal with an EV certificate from ssl.com and it’s a monstrous pain in the ■■■ to automate signing. You basically cannot. You can sign whatever you want using their web interface, or use their CodeSignTool command line app to do the signing. But that comes with two massive caveats. First, the tool requires answering a y/n prompt to write the signed file to the same location, which is necessary when building with InnoSetup. I managed to use a Java decompiler to look at the code and figured out a way to pipe a “y” to their tool, so there’s at least some way to do it. But the second caveat is that CodeSignTool costs $10 per file signed. So a typical build would probably cost a couple hundred dollars. That makes it a total deal breaker.

An OV should not require this insanity, but with the upcoming changes, I can’t say that confidently.

Thanks for the additional info. I was hoping to get something for 10 years since your earlier suggestion here makes sense.

However, I may just go with some of the other providers recommended in other threads for 3 years.