A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.
We're closed, folks!
Doug Nebeker ("Doug")
I am hoping someone who has recently gone through this can give me a quick answer.
I already have a Comodo cert I am happy with and am investigating submitting a desktop app to the Windows store. Reading the Microsoft information http://msdn.microsoft.com/en-us/library/windows/desktop/dn374786%28v=vs.85%29.aspx does not help much since it does not explicitly outline requirements about code signing. It says "All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must be signed with an Authenticode certificate" but it does not restrict it to only Verisign.
Past posts on this forum are unclear about whether a Verisign cert was actually required in the end:
>> My app is in the store and I did not have to purchase anything like a Verisign license.
This post from August 2013 indicates you can pass certification with non-Verisign but you can't submit to the store without one:
>> The problem is, when you’re SUBMITTING the result. You’ll need a VERISIGN certificate.
http://msdn.microsoft.com/en-us/windows/desktop/jj134964.aspx has a step stating a code cert is required leading to http://msdn.microsoft.com/library/windows/desktop/hh801887.aspx which lists Verisign or DigiCert options. The DigiCert non-EV certificate is $267 for 3 years (50% off for "SysDevs" whatever that means). I can't get pricing on the Verisign cert but I assume it is more expensive since I have seen the $700/year price mentioned.
So is "$267 for 3 years" the minimum cost I should expect to incur if I want my desktop app listed in the Windows Store? Or is there no specific vendor requirement for the Authenticode signing requirement? I'm really debating whether I should even start down this path what with all the myriad Windows Certification requirements listed at http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx . Did all the "junk" Windows Store applications really pass all those requirements?
Any Authenticode certificate from a certified vendor is enough. It is NOT mandatory to get the certificate from VeriSign.
The same recommendation stands for Windows desktop applications too, were for example we went for Thawte.
Thursday, September 11, 2014
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz