Code signing certificate for windows

We encounter several problems when we tried to deploy our new version of ORM Designer – Skipper to our new web site skipper18.com. Although new Skipper installer is very simmilar to ORM Designer installer, when downloading this exe-file from the new site  we are getting this error:

installer.exe is not commonly downloaded and could harm your computer

IE_No_Digital_Signature

 

The problem is somewhere in chrome/IE when evaluating downloaded file. Probably combination of new site, new executable and new name of product is the problem.

To fix this issue, we decided to sign-in installer and application executable by Code-signing certificate. There are a lot of certificate providers and the costs are very different. A lot of providers are selling these certificate for around $500/year. Fortunately it’s possible to found certificates also for $75 – $95/year. The cheapest one is from tucows.com but based on the site and additional tools I decided for ksoftware.net, The price $95/year isn’t so different but they offer also command line and GUI signing tool for their certificates called kSign.

Order process

Fill your company details, pay with paypal and wait until someone from Comodo will contact you with additional details. It’s necessary to have the same contact information on the domain registration as on certificate registration. It is also necessary to have company registered in one of publicly available lists with the same company information as on certificate registration.

Next step is a validation through phone call. It is a quick call when you confirm registration info through the call in order to verify your phone number. Phone call is the last necessary step and then you receive email with certificate:

Windows developer certificate

Usage

Signing of the application and installer is pretty easy. K-Software offers two applications for this purposes. The first one is with GUI, second one is command line based. Both applications need only few parameters like where the certificate is stored, certificate password, application description, link and executable location:

kSign

Command line application is executed through following command:

kSignCMD.exe /d "Skipper application" /du "http://www.skipper18.com" /f PATH\certificate.pfx /p PASSWORD PATH\Skipper.exe

And that’s all. Now if you checked your executable through properties in Windows explorer, you see that your application is correctly signed:

Signed application

External links