Windows installation and certificates

Has anyone done a complete released Windows app? I have my Xojo (yes, Xojo 2013 R1) app ready for deployment and I have an installation script (built with InnoSetup). I am posting a free, limited-feature release and a full-featured release. I know that Windows doesn’t like apps that aren’t “signed,” but I’m not sure how to go about it (without paying a fortune with some of the Certificate companies out there). I would like the free app to be available on all of the popular SW shareware sites and the full-featured app available on the Windows App store.

Any assistance would be appreciated.

Thank you,
Ken Whitaker

Hello Ken,

I have released many programs as Windows Desktop Apps with InnoSetup. Usually the very large companies digitially sign their programs on Windows (Word, iTunes, etc.). Yes, there are a few who sign the program and I believe that they are in the minority. Other than getting the annoying screen when your program is run, most people accept the program and realize that the trial program is not digitally signed.

Just my $0.02,


Thanks, Eugene.


I disagree. Signing your apps also gives users a way to know that your app hasn’t been changed in any way, and that the app they’re using is actually from The company that it says its from. They work similarly to SSL Certificates on websites in that they verify identity.

Another option is to provide a check sum instead of signing your app. I think that Greg and I will agree to disagree - its all good and is not personal.

Here is an article which talks about both sides of this discussion with some good comments after the article: Code Signing Certificates



Signing is important for a few reasons.

1 - Anti-Virus programs could flag your program without a signature. Norton is really good at this.
2 - Windows 8 brings up a scary do not download warning.
3 - Lots of users will not download an application that is not signed.

When I was going thru beta with current customers, George is right. I had one guy whose Anti-Virus choked on running the installion for my software because it wasn’t signed. Ugh. Any suggestions for the best source to get signed apps? I have seen others use the Norton app certification process and it is quite expensive usually involving an annual renewal effort.

Thanks for any advice.

I found this website that offers a decent price for certificates.

I like this and will contact them immediately. Have you (or anyone else) used them before? If I’m not mistaken, one certificate can be used for both Windows and OS X editions of an app? :wink:

Thanks again, George.


You can’t. To be trusted by Gatekeeper on OS X, you’ll need a developer id from Apple ($99).

But is it possible to user your Mac Developer certificate to sign your Windows apps?!

[quote=18331:@George Balla]Signing is important for a few reasons.

1 - Anti-Virus programs could flag your program without a signature. Norton is really good at this.

I have released countless apps with valid CSC and they still often get flaged by the antivirus firms despite no ‘funny’ code. And you still have to go through the big hassel with every update to submit exe files to all the major Antivirus providers; if you want to prevent flags.

Unfortunately No. The root certificate for Apple is Apple themselves and most Windows users do not have their root certificate loaded.

We ended up buying a certificate for both Mac and PC. The Mac one from Apple via their developer program, and the PC one from ksoft (Comodo) for PC.