Code Sign certificates

DSP, Plugin and Host development discussion.
RELATED
PRODUCTS

Post

Ivan_C wrote: Thu Oct 04, 2018 10:02 am So, everybody here has acquired a Microsoft approved certificate which is not EV to remove the need for the extra paperwork, meaning that a few users are getting the error message in installers at early release times only ?
For me the Windows warning dialogs disappeared probably after 100 downloads or so.
The nice thing is that if you release another product with the same certificate, it'll get instant UAC reputation.

Post

Thanks for your answer ;) (I hope you are doing well !)

And do you need to do it again every single time you get a new certificate (every single year when it is expired), or do certificate providers update the one you already have so you don't have to restart reputation building ?

Post

Ivan_C wrote: Thu Oct 04, 2018 1:51 pm Thanks for your answer ;) (I hope you are doing well !)

And do you need to do it again every single time you get a new certificate (every single year when it is expired), or do certificate providers update the one you already have so you don't have to restart reputation building ?
Doing alright, very busy, thanks ;)
I think reputation sticks if your provider 'renews' the certificate and they follow the procedure.
I took 3years in a row to be on the safe side, plus its cheaper.

Post

camsr wrote: Sun Mar 18, 2018 10:26 pm I've always been curious, how are software patches done on signed code?
Usually the signature is also patched, resulting in a correct final checksum.
VCV Rack, the Eurorack simulator

Post

I have purchased a CodeSign Certificate from via LeaderSSL and I finally got the Code Sign certificate. The signing process couldn't be easier :)

Post

Is the command below a correct way to code sign?

Code: Select all

"C:\Program Files (x86)\Windows Kits\8.1\bin\x64\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "Comodo.pfx" /p PASSWORD "Obxd14Setup.exe"

Post

Mine looks like this:

Code: Select all

"c:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign ^
	       /f "..\ComodoCert.pfx" /p "PASSWORD" ^
	       /t http://timestamp.verisign.com/scripts/timstamp.dll ^
	       /v "%installerName% Installer.exe"

Post

joshb wrote: Mon Nov 19, 2018 4:09 pm Mine looks like this:

Code: Select all

"c:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign ^
	       /f "..\ComodoCert.pfx" /p "PASSWORD" ^
	       /t http://timestamp.verisign.com/scripts/timstamp.dll ^
	       /v "%installerName% Installer.exe"
Slightly different but from what I checked should be as good.

Post

I sign Windows AAXs with my exported Apple cert. But it says it’s a bad idea when I do it.

Post

I don't see any problems if ProTools is fine with it, but it's not possible with .EXE or .MSI afaik.

Post

Interesting, I have no idea. Probably not.

Post

Yep, from this thread.
discoDSP wrote: Sat Apr 07, 2018 8:01 am No. Microsoft has only certain CAs installed by default and Apple is not among these.

I found a useful how-to article http://luminaryapps.com/blog/code-signi ... -on-a-mac/

Post Reply

Return to “DSP and Plugin Development”