Preparing to code sign a Windows app; coming from signing Mac apps, it's a breeze, Windows not so much.<p>What is everybody's go-to place for code signing a Windows app?<p>Also, have you been able to do this on a Mac as well?
I've been code signing Windows apps for 15+ years. The process has gotten more and more convoluted over the years. Prices vary from seller to seller, but most sellers are really re-sellers, selling certs from one or two providers.<p>This is where I buy the cert, as it's proven to be consistently the cheapest (no affiliation):<p><a href="https://www.ksoftware.net/code-signing-certificates/" rel="nofollow">https://www.ksoftware.net/code-signing-certificates/</a><p>The OV cert is usually sufficient. I've never seen a reason to go with the EV cert.<p>Before you buy the cert, read ALL the instructions very carefully on the website, as once you apply you can't easily change things.<p>Things you need to have set up correctly in advance:<p>- A business name, not a personal name<p>- A website and email address for the business name<p>- Whois information that matches the website address / phone number to the website business's physical address and phone number. Don't hide your Whois information!<p>- A landline phone number (VoIP works)<p>- An entry in some sort of recognised telephone directory so that the landline phone number's connection to the business can be externally validated<p>This all looks like overkill and many of them are illogical, but if any of these things are amiss your order will fail the basic validation, putting your getting the cert in doubt.<p>These 'security' steps are all meant to prevent dodgy individuals or fake businesses getting code signing certs, but they make it a real hassle for small businesses or one-man shops to get a cert.<p>For this reason, always buy a cert for as many years as possible -- this isn't a process you want to be doing every year.
There's no single go-to place. I bought mine from Comodo, which is now sectigo.com<p>Indeed, an OV is sufficient. Sectigo is pretty fast at this -- you will need proof of business (phone number + proof to see that the business is still running), and that's about it.<p>Another "fun" fact - when you start signing, every browser will flag your app as "this application is not commonly downloaded", and this will go on for a while (2-3 weeks, sometimes even more). This might also happen for antiviruses -- yeah, it's really fucked, I could say.<p>A few years back Microsoft came up with another type of code signing certificate (don't remember the name), that doesn't have the problems I outlined above. However, it usually costs 4-5x as much, and personally I don't think it's worth it.