[Interest] Qt Install Framework - Becoming a Microsoft Known Publisher

Nuno Santos nunosantos at imaginando.pt
Tue Oct 9 17:58:23 CEST 2018


Elvis,

That’s interesting! Thanks for sharing that info.

The price is considerably different!

I personally think this is a anual robbery! :D

Best,

Nuno

> On 9 Oct 2018, at 16:54, Elvis Stansvik <elvstone at gmail.com> wrote:
> 
> Den tis 9 okt. 2018 17:29Nuno Santos <nunosantos at imaginando.pt <mailto:nunosantos at imaginando.pt>> skrev:
> Christopher,
> 
> In order to have Microsoft’s SmartScreen saying your company name, you need to buy a EV certificate:
> 
> Let me add that it's not strictly necessary to use an EV certificate to get rid of SmartScreen. It's possible with a "regular" certificate as well, it just takes some time for the cert signature to become whitelisted at Microsoft (they track user installs).
> 
> We use a regular (cheaper) code signing cert from Digicert. For a while, users running our installer would still get a SmartScreen warning, but as the number of installs grew, at some point the warning disappeared due to whitelisting.
> 
> An EV certificate would establish trust faster, and I think the rules behind the whitelisting is rather undocumented.
> 
> HTH,
> Elvis
> 
> 
> https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/ <https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/>
> 
> It costs around 300 euros a year.
> 
> There are several providers for this. Globalsign is just one. Then you will receive a usb dongle with your certificate (GlobalSign sends a USB dongle).
> 
> When you have it, you need to configure it. The provider tells you what to do.
> 
> After that you need to invoke a command like this:
> 
> 
> signtool.exe sign /a /tr http://rfc3161timestamp.globalsign.com/advanced <http://rfc3161timestamp.globalsign.com/advanced> /td SHA256 EXE_TO_SIGN
> 
> 
> Best,
> 
> Nuno
> 
>> On 9 Oct 2018, at 16:20, Christopher Probst <christop.probst at gmail.com <mailto:christop.probst at gmail.com>> wrote:
>> 
>> Thank-you Nils for your reply.
>> 
>> I think signing your installer should solve this. "Trust" can be bought
>> with the certificate.
>>  
>> 
>> Please forgive my ignorance, but how does one sign an application with Microsoft? The documentation online seems unnecessary complex for something that should be routine. Any help is appreciated.
>> 
>> Thanks,
>> Christopher
>> _______________________________________________
>> Interest mailing list
>> Interest at qt-project.org <mailto:Interest at qt-project.org>
>> http://lists.qt-project.org/mailman/listinfo/interest <http://lists.qt-project.org/mailman/listinfo/interest>
> 
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org <mailto:Interest at qt-project.org>
> http://lists.qt-project.org/mailman/listinfo/interest <http://lists.qt-project.org/mailman/listinfo/interest>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20181009/030b3cb8/attachment.html>


More information about the Interest mailing list