So a friend of mine and I have spent the last few months building this amazing app and put it out for a couple of beta testers to tell us how great it is, and 10 min after putting it out there we got our first reply. Great! I was all ready to hear about how awesome it looks and how it's so intuitive (even without help files of any kind).
Alas, the download was blocked by their Windows machines as being potentially harmful. One person’s computer wouldn’t even let them download it. The other was able to download it but got a warning when they tried to run it.
Sounds like we could use some guidance from some more experienced developers on how to package a desktop app so that people don’t get frightened away when they try to download/install it. I’m sure there’s information about this online, but I’ve been poking around for a while and can’t really find a “This is how to avoid this issue” post.
Comodo does a non-trivial job of verifying your ID – so be prepared with bank statements, articles of incorporation, phone bills, first-born children, etc. I thought I hit a roadblock in a few places (old mismatched addresses etc.) but just kept sending them copies of info and eventually met their criteria.
Step : Download the Certificate to your Mac
Once you’ve jumped through all the hoops of proving your individual/corporate identity, Comodo will send you an email with a link to download the certificate. Note that this appears to be a single-use link, so do it from the Mac that you intend to use for code signing. I believe you can easily move the certificate to another Mac later, but you can’t re-download it again from Comodo to another machine, so back it up.
As you download, the certificate should go automatically into your keychain. If not, double click it. I used Safari 4.x, not sure about Firefox etc.
Step : Move the Certificate + Private Key from Mac to Windows:
You can use this same certificate on win32 machines as well. The trick is exporting to a .p12 format, which turns out to be the same as a .pfx format which Win32 understands.
On your Mac:
Export to a .p12 file (which is the same as a .pfx file):
open Keychain access
select “Certificates” in the Category filter area. (Note: this is important, as if you have “All Items” selected, then you’ll see the certificate and private key as separate items. In ‘Certificates’ view the two will be grouped together so you can export as one item.)
find the certificate you purchased. Make sure it has a disclosure triangle and has a private key inside it.
right-click the certificate, choose export, and give a strong password (note: this password protects your Private Key. Never give out your private key, or this password to anyone.)
this .p12 file can be copied over to your Windows 7 Machine.
Start menu, type CMD and hit return to launch the DOS shell
enter this command (note that the paths will be different on your computer – I’m using Windows 7)
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool" sign /f "C:\Path\To\myCertificate.p12" /p myPrivateKeyPassword "C:\path\to\myRealbasicApp.exe"
To verify, right-click the EXE, choose Properties, and see if the Digital Signatures tab has the correct information.
I used InnoSetup to create an installation file (setup.exe) and had tried uploading both the .exe file itself and the .exe packaged in a .zip. Varying degrees of success with both processes. Sounds like I have some more reading to do.
Welcome to the wonderful world of code signing, please leave your hair and any other item that may become harmful to you at the door. Sanity is not required as it will be extracted from you in the most painful way possible during the process.
It’s a proof of quality for you and your business in using codesigned software for distribution. If you’re using Innosetup, don’t forget to sign your unpacked software first. All Windows executables have to be signed; this also includes .dll files. After creating your setup.exe installer file, this file is to be signed as well.
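A pre-packaging check for the advice above to sign every .exe and .dll before building the installer, added here as an example that is not part of any post in this thread: it parses each PE header and lists binaries whose Certificate Table entry is empty. The function names and the `sample_pe` bytes are constructed for illustration, and the check detects only that an embedded signature is present, not that it is valid.

```python
import struct, sys
from pathlib import Path
SECURITY_DIR = 4  # index of the Certificate Table in the PE data directories

def has_signature_blob(data: bytes) -> bool:
    """True if a PE image has a non-empty Certificate Table entry."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    if count <= SECURITY_DIR:
        return False
    # For this directory the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    return offset != 0 and size != 0 and offset + size <= len(data)

def unsigned_binaries(folder):
    """Return .exe/.dll paths under folder with no embedded signature."""
    missing = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".exe", ".dll"):
            try:
                signed = has_signature_blob(path.read_bytes())
            except (ValueError, struct.error):
                signed = False  # unparseable file: report it as unsigned
            if not signed:
                missing.append(path)
    return missing

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo; not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    head = b"PE\0\0" + b"\0" * 20 + struct.pack("<H", 0x10B) + b"\0" * 90
    dirs = bytearray(16 * 8)
    if signed:  # point the Certificate Table at 8 bytes appended to the file
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, 64 + 120 + 128, 8)
    image = dos + head + struct.pack("<I", 16) + bytes(dirs)
    return image + (b"\0" * 8 if signed else b"")

if __name__ == "__main__":
    for p in unsigned_binaries(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UNSIGNED:", p)
```

Run it against the folder the installer is built from; whether each signature is valid still has to be confirmed on Windows, for example in the Digital Signatures tab mentioned earlier.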
I know this has been asked and answered before several times but I think updated information can be helpful: What is the cheapest route to code-signing Windows applications for a single developer and what’s its cost?
After asking I did some googling and found ksoftware. They seem to be cheap and easy to use. The cost is below 100 USD per year.
Julen
I just renewed my certificate with Comodo for two years. The free Ksign app from ksoftware is the easiest of procedures: select the executable, click Sign, and voilà.
Michel, you need to do something about the avatar… The extraterrestrial was so much better than this one. Hey! Even my non-avatar looks better! And by the way, you can come out of the corner. Punishment is over.