Code Signing Certificate


#1

Hello,

I want to buy a code signing certificate:

  1. Will using code signing prevent antivirus and firewalls from blocking my EXE files?

  2. Do you have a “partner” to buy from?

Thank you!


#2

Yes, same here. Where can I buy it from?


#3

Code signing certificates do not alleviate the problem with AVs and firewalls disallowing .exe files from being downloaded. One of the most popular (and affordable) sites to purchase a code signing certificate is Godaddy.com. To some extent EV Code Signing certificates may allow your .exe files to be downloaded.

You can purchase EV Code Signing Certificates from several organizations but one of the globally recognized companies is DigiCert.

The real problem is how Microsoft now qualifies good versus not good downloads. Since the inception of Windows 10, Microsoft has adopted a new algorithm for qualifying good .exe files for downloads and it is based on what is called “Automatic SmartScreen Reputation”. Read about it here:


#4

This is really expensive - 474 USD per year is a lot


#5

No doubt it is expensive. If you want to distribute your exe file via web/ftp downloads you are going to need either a Code Signing Certificate or an (Extra) (Validation) EV Code Signing Certificate. What I had to do was:

  1. Purchase a Code Signing Certificate to use when building my Setup.exe file (using Paquet Builder) so that when installing/uninstalling my app (and its components) my Windows users were not presented with the Windows “User Account Control” dialog box alerting the user that it was from an unknown publisher. This gave credibility to our app and company.

  2. Purchase an EV Code Signing Certificate which supposedly gives instant Windows “Reputation Status” recognition to get through the Windows Smart Screen filters when downloading any exe file with any browser when using Windows 10 (Windows 7 does not have this issue) to download our Setup.exe file.

The only other option is to give your users a download link via Dropbox, OneDrive, GoogleDocs, etc., to download your exe file. (This is assuming you are giving your exe file to users who will not be paying for the file.) If your exe file is for sale then you will have to run it/download it through some web site/cart mechanism which will almost require some sort of validation.


#6

Code signing will show your company’s name on the warning instead of “unrecognized app”. And it will also definitively help for antivirus software. Thus, the antivirus company can add your certificate to their whitelist: then, all EXE files you make with XLS Padlock and code signed are automatically whitelisted too.

Code signing isn’t mandatory, but highly recommended nowadays if you create and distribute EXE files.

You can get cheap ones for instance at http://codesigning.ksoftware.net/
With the coupon code CPNHTMLEXE, you can get 5% off.

Regarding SmartScreen Reputation, unfortunately with a non EV code signing certificate, you’ll have to wait some time until your EXE files have been downloaded enough, so that your certificate gets some “reputation”. It is a matter of days or weeks, depending on the number of downloads per day.
It’s a criticized feature implemented by Microsoft and other browser/antivirus companies: you can learn more about it at http://blogs.msdn.com/b/smondal/archive/2013/01/08/windows-smartscreen-prevented-an-unrecognized-app-from-running-running-this-app-might-put-your-pc-at-risk.aspx

<< Though the application is signed with a certificate from Verisign, still the publisher name is displayed as unknown. SmartScreen dialog should be the same as for any other executable, with a “More Info” option, and “Run Anyway” button. Windows SmartScreen alerts users before running unrecognized programs downloaded from the Internet. Microsoft has extended the SmartScreen feature of Internet Explorer to Windows as well to protect users from malware. In general, SmartScreen Protection shows the above message when you try to run a newly released program or an application that has not yet established a reputation. Even though one can easily disable the SmartScreen Protection feature in Windows 8, we don’t advise you to turn off the protection.

Once this is done, the SmartScreen will continue to warn about the application until the certificate develops a reputation. But it would display a valid publisher name instead of unknown publisher. >>

It’s not a problem due to XLS Padlock, because any software program is impacted.


#7

I found out that GoDaddy offers Code Signing Certificates for a human price. Round about 180 EUR.


#8

As stated previously, our reseller offers code signing certificates for about 90$ per year (non EV). It’s difficult to find a better price.


#10

I just purchased from K software a code signing certificate, and at the information entry stage I was asked to choose all kinds of entries, so I left it as the default (I attached a print screen).

Are those values important to XLS Padlock?


#12

No, they aren’t.


#13

Should one purchase SHA1 code signing or SHA2 code signing to work with XLS Padlock?


#14

The code signing utility uses Windows APIs to sign EXE files, so if they support SHA2, XLS Padlock will too.
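
An added example, not part of the thread or of XLS Padlock: a PowerShell check you can run on a signed EXE before distributing it, to confirm the publisher name Windows will read from the signature and whether the certificate is SHA-1 or SHA-2 signed. `Test-ExeSignature` is a hypothetical helper name and the path in the sample call is a placeholder.

```powershell
# Added example: pre-release check of the Authenticode signature on a built EXE.
# 'Test-ExeSignature' is a hypothetical helper name; pass the path to your own file.
function Test-ExeSignature {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig      = Get-AuthenticodeSignature -FilePath $Path
    $cert     = $sig.SignerCertificate
    $findings = @()

    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) means
    # Windows cannot show a verified publisher name from the certificate.
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    if ($cert) {
        # Algorithm the CA used to sign the certificate itself (e.g. sha256RSA).
        # The file digest is not exposed here; 'signtool verify /pa /v' prints it.
        $certAlg = $cert.SignatureAlgorithm.FriendlyName
        if ($certAlg -match 'sha1') {
            $findings += "Certificate is SHA-1 signed ($certAlg)"
        }
    }

    # Without a timestamp the signature stops validating when the certificate expires.
    if ($cert -and -not $sig.TimeStamperCertificate) {
        $findings += "No timestamp; signature lapses when the certificate expires on $($cert.NotAfter)"
    }

    [pscustomobject]@{
        File      = $sig.Path
        Status    = $sig.Status
        Publisher = if ($cert) { $cert.Subject } else { $null }
        Issuer    = if ($cert) { $cert.Issuer } else { $null }
        CertAlg   = if ($cert) { $cert.SignatureAlgorithm.FriendlyName } else { $null }
        Findings  = $findings
    }
}

# Example call with a placeholder path:
# Test-ExeSignature -Path 'C:\build\Setup.exe' | Format-List
```

An empty `Findings` list with `Status` of `Valid` means the signature itself is in order; it says nothing about SmartScreen reputation, which is tracked separately from signature validity.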