* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!


» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)


Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Code Signing Certificate to avoid BIG Windows 8 warning


Im a close watcher of this forum,when i was going to ask you guys about this issue,i find a lot of  recent similar posts.

The thing is i have a setup file,its currently unsigned.When i download it from the website and execute it,Windows 8 Does NOT show any specific warnings.Just the normal Uknown publisher thing.

Completed a new version with lots of bug fixes and improvements.I simply upload the exe file(program executable not setup ) to dropbox and tried downloading.Windows presented me with a big message in Blue plus


 this chrome shows its not commonly downloaded,discard message.

Note that my current version does not have this issue at all.
Will packing into an installer fix this?
And will it help if i get a code signing certificate? Is there any free providers of code signing certificates?

And is the process tedious,im just an individual developer.
Comodo seems much on the economy side,i dont make much money.

Please advice
skymax Send private email
Monday, February 02, 2015
Let me quote from my old blog post:

"If you remember what TUCOWS originally stood for, you have been in this industry for too long. Anyway, today’s Tucows has a special reseller deal with a major Certificate Authoity (CA) and sells their code signing certificates for $195 for three years. Just in case, the same 3-year certificate bought directly from that CA would cost you $500.

To get advantage of this offer, go to Tucows Author Resource Center at https://author.tucows.com/, register as an author (free), log in, and follow the “Code Signing Certificates” link in the sidebar."
Dmitry Leskov Send private email
Monday, February 02, 2015
The process of getting a code signing certicate can be very tedious and time consuming, so get a long duration one if you can. Actually using it to sign stuff can be painful as well. I find the following utility a massive help with this: https://www.briggsoft.com/signgui.htm

Signing your application will help with Windows 8. It won't help wit the Chrome not commonly downloaded issue. There are work arounds for this issue, such as hosting your downloads on Google Drive.
Andrew Gibson Send private email
Saturday, February 07, 2015
When you buy a cert for 3 years, does it work with any software you release in those 3 years, or is it just for one app?
PSB136 Send private email
Saturday, February 07, 2015
I got a Comodo certificate from http://www.ksoftware.net/. It was pretty painless.

Signing is 2 extra lines in the .bat file I use to build the Windows versions of PerfectTablePlan and Hyper Plan. 1 line to sign the executable and 1 line to sign the installer.

To sign:

signtool.exe sign /f <.pfx file> /p <password> /t http://timestamp.verisign.com/scripts/timstamp.dll <.exe file>

To check the signing:

chktrust.exe <.exe file>

That's it! signtool.exe is a free Microsoft tool. If it isn't already on your machine, the googles should tell you where you can find it.

It is more complicated on Mac:


You only need 1 certificate per company. Not 1 per app.

Note that (of course) Mac certs aren't accepted by Windows and vice versa.
Andy Brice Send private email
Sunday, February 08, 2015
Also, not all valid certificates are recognised by Windows. IIRC you need a class 4 authenticode certificate whose root certificate is recognised by all the versions of Windows you want to target. You can use your website SSL certificate, but Windows won't recognise it. Comodo certificates are the cheapest authenticode certificates that work with all versions of Windows (as far as I know).

See also:
Andy Brice Send private email
Sunday, February 08, 2015

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz