* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Windows Store desktop submission requires expensive cert?

I am hoping someone who has recently gone through this can give me a quick answer.

I already have a Comodo cert I am happy with and am investigating submitting a desktop app to the Windows store. Reading the Microsoft information http://msdn.microsoft.com/en-us/library/windows/desktop/dn374786%28v=vs.85%29.aspx does not help much since it does not explicitly outline requirements about code signing.  It says "All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must be signed with an Authenticode certificate" but it does not restrict it to only Verisign.

Past posts on this forum are unclear about whether a Verisign cert was actually required in the end:
http://discuss.joelonsoftware.com/default.asp?biz.5.848578.19
>> My app is in the store and I did not have to purchase anything like a Verisign license. 

This post from August 2013 indicates you can pass certification with non-Verisign but you can't submit to the store without one:
http://answers.flyppdevportal.com/categories/metro/windowsstore.aspx?ID=47c84e48-f065-406a-a248-1411b2617b81
>> The problem is, when you’re SUBMITTING the result. You’ll need a VERISIGN certificate.

http://msdn.microsoft.com/en-us/windows/desktop/jj134964.aspx has a step stating a code cert is required leading to http://msdn.microsoft.com/library/windows/desktop/hh801887.aspx which lists Verisign or DigiCert options. The DigiCert non-EV certificate is $267 for 3 years (50% off for "SysDevs" whatever that means). I can't get pricing on the Verisign cert but I assume it is more expensive since I have seen the $700/year price mentioned.

So is "$267 for 3 years" the minimum cost I should expect to incur if I want my desktop app listed in the Windows Store? Or is there no specific vendor requirement for the Authenticode signing requirement? I'm really debating whether I should even start down this path what with all the myriad Windows Certification requirements listed at http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx .  Did all the "junk" Windows Store applications really pass all those requirements?
Craig A Send private email
Wednesday, September 10, 2014
 
 
Any Authenticode certificate from a certified vendor is enough. It is NOT mandatory to get the certificate from VeriSign.

The same recommendation stands for Windows desktop applications too, were for example we went for Thawte.
Bogdan Mitrache Send private email
Thursday, September 11, 2014
 
 
I thought it was mandatory to get a Verisign one, it appears they are using it to verify your identity rather than signing the app.
Ducknald Don Send private email
Thursday, September 11, 2014
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz