
Code Signing in Windows is simple and inexpensive

I would like to talk here about an important aspect of developing for Windows: code signing. Many serious developers still do not use it, and that is a mistake. For one thing, when an unsigned application is started, a nasty red icon with a cross appears along with this unpleasant text:
"This file is not digitally signed by the manufacturer. You should run the program only from manufacturers you trust."
Beyond that, a signature is also a pass to the corporate market.

When you run an unsigned program, the following window appears:
[image]

And this is what the window looks like when the program is signed:
[image]

You may not have paid attention to this detail before, but many people do. In many companies (large and not so large), launching unsigned programs is simply prohibited as protection against viruses and other such "goodness". So with an unsigned program you immediately close this market to yourself and scare off ordinary users. And this despite the fact that a certificate for signing costs only $99 per year (from Comodo Group Inc.).

True, there may be one problem: the certificate is issued to a company. In some cases it is possible to get a certificate for a sole proprietor with a DBA (doing business as) name instead of a first and last name. A private individual cannot get a certificate. Some time ago, cunning people skilled with Photoshop could get a certificate by "drawing" documents. But then people from the Mozilla community bought a certificate from Comodo without any checks at all and wrote about it online. Since then, Comodo requires the company's statutory documents.
Other trusted certificate authorities offer similar services, but they are more expensive. Even on the Comodo site itself certificates cost $166.95 per year; Thawte charges $299 per year and Verisign $499 per year. If you need to sign a driver, Verisign is the only option, although for the first year you can get a discount of $400 and pay only $99 (you must use this promo code: THEDEAL99). Also, without a Verisign certificate you cannot get Designed for Windows ... In all other cases there is no point in overpaying for the name of the company that issued the certificate. A certificate for $99 is the best option at the moment; you just need to buy it through a reseller, for example ksoftware.net. I have been buying certificates through them for more than a year.

One important point: before requesting a certificate, it is highly advisable to register your company or sole proprietorship with Dun & Bradstreet and get a DUNS number. The companies that issue certificates respect this number, and when it is presented, in the absolute majority of cases no other supporting documents are requested. Otherwise you will have to send scans of statutory documents, and sometimes bills addressed to the company, for example a telephone bill. For a sole proprietor, this is one of the main steps toward obtaining a certificate. Without it, a sole proprietor may get nowhere at all.

The process of signing a program or installer is quite simple and easy to automate; I can describe it if needed.
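
As an added illustration of what that automation can look like (not code from the original post), the PowerShell build step below signs every artifact and fails the build unless each file verifies with a timestamp. The thumbprint, directory and timestamp URL are placeholders, and the certificate is assumed to be installed in the current user's store.

```powershell
# Added example: sign release binaries, then verify each signature from disk.
# Assumptions: the certificate lives in Cert:\CurrentUser\My; the three
# parameter defaults are placeholders to replace with your own values.
param(
    [string]$Thumbprint   = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$ArtifactDir  = '.\release',
    [string]$TimestampUrl = 'http://timestamp.example.com'  # placeholder: your CA's timestamp URL
)
$ErrorActionPreference = 'Stop'

# Select the code-signing certificate by thumbprint and refuse an expired one.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint -and $_.NotAfter -gt (Get-Date) }
if (-not $cert) { throw "No unexpired code-signing certificate with thumbprint $Thumbprint" }

$files = Get-ChildItem -Path $ArtifactDir -Recurse -File -Include *.exe, *.dll, *.msi
if (-not $files) { throw "Nothing to sign under $ArtifactDir" }

$failed = @()
foreach ($f in $files) {
    # The timestamp keeps the signature verifiable after the certificate expires.
    Set-AuthenticodeSignature -FilePath $f.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null

    # Re-read the signature instead of trusting the signing call's own result.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $ok  = $sig.Status -eq 'Valid' -and
           $sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint -and
           $null -ne $sig.TimeStamperCertificate
    if (-not $ok) { $failed += "$($f.Name): $($sig.Status)" }
}

# Any file that is unsigned, untrusted or missing a timestamp stops the release.
if ($failed) { throw "Signature check failed:`n$($failed -join "`n")" }
"Signed and verified $($files.Count) file(s)."
```

Running the verification half on its own against a download directory is a quick way to see which files would be blocked by a policy that prohibits unsigned programs.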

That's all. If you work in the Windows software market, a certificate is an important and necessary thing. I have to admit that I myself began to avoid unsigned programs after that.

Source: https://habr.com/ru/post/83008/

