Are there any advantages in signing an application?
I looked recently into signing my application. The price is AT LEAST one hundred euros/dollars per year for EV (anything less than EV seems pointless anyway).
My application uses a basic installer (self-extracting WinRar) that requires no admin password. But the drawback of this is that I cannot install the app in Program Files.
The actual problem here is that you will find lots of resources that tell you how to sign your app but not so many (at all) that tell you if there is any real advantage. For example: do the regular PC users care when they install and app and Windows shows "Publisher: unknown" or they just quickly hit the OK button to have the installation process done as soon as possible?
Honestly, I don't think that the user reads and cares about "unknown". That might stop him is actually the yellow color (instead of blue).
So, my question for those that already did code signing for their apps is: have you seen an improvement (downloads, installations, sales) after signing your app?
Should I invest any time/money/energy in this?
Update: It seems that having the app signed is not enough. After that, you have to keep fighting to improve your reputation factor, otherwise, Microsoft SmartScreen might pop-up: https://mkaz.blog/code/code-signing-a-windows-application/
For those interested in prices, here a few random offers sorted by price. I will also post the documents required: Signing a Windows EXE file
For those interested in prices (and few extra tips), here a few random offers sorted by price.
The documents required (by Sectigo, in my case) for obtaining an OVL are:
- company's registration certificate
- a photo of you holding your ID close to your face
- a phone landline so they can call you for verification (it as actually a robot calling you to give you a number, that you have to enter then into the browser).
The whole verification process (especially phone) took like 2 months because they involved some kind of automatic calling that did not work on my line/phone?.
I will post soon the number of downloads necessary to get reputation for your newly signed exe file. At this point, I can tell you that 1000 downloads are not enough.
- C# import certificate and key (PFX) into CNG/KSP
- How to bypass certificate errors using Microsoft Edge
- How to extract the signature value from a certificate in PHP
- How to get the popup menu to select user certificate in Tomcat 10 server?
- Azure ClientCertificateCredential - Using SNI
- Java SecurityException: signer information does not match
- how to renew expired certificate with fastlane?
- Creating Azure Self Signed Certificate
- Certificate issue when Connecting with Azure Service Management API
- .Net Core Web API with Client Certificate Authentication
- How to sign and notarize a PKG within a Github Actions macos runner
- Creating PKCS#12 keystore with multiple certificates using OpenSSL 1.0.0a
- "Warning: unable to build chain to self-signed root for signer" warning in Xcode 9.2
- Setting up SSL certificate in Visual Studio
- can I use my developer certificate on multiple Mac?
- How do I export Apple Developer Id Certificate without using Xcode
- Getting Chrome to accept self-signed localhost certificate
- Could not create SSL/TLS secure channel - Could the problem be a proxy server?
- Unexpected " The remote certificate is invalid according to the validation procedure."
- Relationship between key store, trust store, and certificate
- BasicHttpBinding using transport security with Self signed Certificate
- How do I connect to an update site in Eclipse when I get an "Unable to read repository" ProvisionException error?
- Disabling SSL verification for Elastic search Restclient not working in Java
- Are there any advantages in signing an application?
- Signing a certificate with my CA
- How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
- How to Grant permission to user on Certificate private key using powershell?
- Why do HTTPS requests produce SSL CERTIFICATE_VERIFY_FAILED error?
- How do I: Delete old Certificates windows servers using Powershell (Azure Classic Release Pipelines)
- Docker: Could not read CA certificate: no such file or directory