Hey Ton, Well, the cert is just like any other SSL/x.509 certificate you would get, except the properties of the certificate allow (limit) it to be used specifically for signing code. You can get certs that can be set to only be used for email, signing or encryption etc. The thing that makes this use of the certificate unique (compared to regular SSL certificates) is that you use special tools on Windows to sign binary files (as opposed to installing in a web server like we do with SSL). Although given the special purpose of making your software look reputable and legitimate, they (the industry) of course demand a premium for the cost of generating these certificates (ie: they charge you up the wazoo!). Like our EV certificates, I believe they also go through extra identity checks before they just hand one of these certificates over to you.
Comodo (our certificate provider) offers these certificates as well if you are interested (Starting at $166.95/year): https://www.comodo.com/business-security/code-signing-certificates/code-signing.php With one of those, you should be able to follow the steps in the Microsoft url I pasted earlier to do code signing. I believe you could even generate your own self signed CA cert and create one of these code signing certificates to test the tools, but such a certificate would not be trusted of course, and would only be useful to practice the workflow. Dan On Thu, Nov 6, 2014 at 12:37 PM, Ton Roosendaal <[email protected]> wrote: > Hi, > > I don't mind paying a bit, for as long it's an undisputed, official cert > recommended by Microsoft. > > -Ton- > > -------------------------------------------------------- > Ton Roosendaal - [email protected] - www.blender.org > Chairman Blender Foundation - Producer Blender Institute > Entrepotdok 57A - 1018AD Amsterdam - The Netherlands > > > > On 6 Nov, 2014, at 15:51, Dan McGrath wrote: > > > It sounds like Microsoft calls this "athenticode". I don't have any > > personal experience with it myself, but I did find this url at > Microsoft's > > website that might be of use to those looking into this: > > > > http://msdn.microsoft.com/en-us/library/ie/ms537359(v=vs.85).aspx > > > > Dan > > > > On Thu, Nov 6, 2014 at 9:12 AM, Ton Roosendaal <[email protected]> wrote: > > > >> Hi all, > >> > >> For OS X we sign the binary using our Apple developer account. > >> It seems there's a similar system for Windows exes too. > >> Please advice! > >> > >> (See mail below). > >> > >> -Ton- > >> > >> -------------------------------------------------------- > >> Ton Roosendaal - [email protected] - www.blender.org > >> Chairman Blender Foundation - Producer Blender Institute > >> Entrepotdok 57A - 1018AD Amsterdam - The Netherlands > >> > >> > >> > >> Begin forwarded message: > >> > >>> Subject: Vendor Approval Issue > >>> Date: 6 November, 2014 14:17:11 CET > >>> To: [email protected] > >>> > >>> Hi > >>> > >>> I have a generic issue that needs addressing so I have contacted > >>> this email address in the hope that you can redirect it > >>> appropriately. > >>> > >>> I use Comodo Internet Security Premium which includes a Defense > >>> Plus element for monitoring running processes. Whilst I have > >>> approved Blender as a process it refuses to recognise the Vendor as > >>> the .exe file is not signed and has no developer information so it > >>> will not allow me to add it to the approved list and keeps flagging > >>> it every time I launch Blender. > >>> > >>> I am bringing this to your attention as it is annoying and I am > >>> sure other users are experiencing the same issue and it could be > >>> easily resolved but that can only be done by the development team. > >>> > >>> Trusted Vendors can sign up here to be whitelisted: > >>> > >>> http://internetsecurity.comodo.com/trustedvendor/signup.php > >>> > >>> Many thanks > >>> > >>> Mark > >>> > >> > >> _______________________________________________ > >> Bf-committers mailing list > >> [email protected] > >> http://lists.blender.org/mailman/listinfo/bf-committers > >> > > _______________________________________________ > > Bf-committers mailing list > > [email protected] > > http://lists.blender.org/mailman/listinfo/bf-committers > > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers > _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
