Get and implement windows code signing certificate #34
Comments
According to electron-builder documentation (https://www.electron.build/code-signing#windows) we need either:
- a code signing certificate will display a warning to the user until enough users have installed the app to build trust, at which point it'll stop showing to new installs.
- an EV code signing cert is more expensive, but will not show a warning ever. The drawback of the EV code signing cert though is that it's bound to a physical USB dongle, and thus will need to be physically attached to the machine that's doing the signing. This means no circle builds, so I'm not sure this route will work.

According to Microsoft, the certificate can be bought from a few vendors, such as DigiCert and Symantec: https://www.digicert.com/friends/sysdev/

The EV Certificate can be bought from them as well: https://trustcenter.websecurity.symantec.com/process/trust/productOptions?productType=EVCodeSigning&flavor=MSAuthentiCode&application_locale=VRSN_US&newLanguage=en

We'll need to make a decision on the following points:
any input @rickmanelius / @cyberswat ? The sooner we get an application in, the sooner we can get signing. I'm not sure how long the approval process is, but on mac it's quite the wait from what I've read.
No input other than Kevin and I had overlapping PTO and I'm still catching up. Tagging as a blocker once https://github.com/drud/general/issues/137 gets in and we can triage/prioritize from there.
@rickmanelius just need to add this to the budget and proceed. It's $449 per year if you buy it through digicert and pay 1 year at a time. $399x2 if you do it for 2 years, and $331x3 if you do it for 3 years. The process for this is lengthy and will take a couple of weeks. Let me know when we should start this process.
Let's do one year!
@cyberswat which cert are you looking at? The standard Code Signing Certificate is showing up at $267 for 3 years ($89 a year) and the EV Certificate at $497 for 3 years ($165.67 a year) through digicert for me?
https://www.digicert.com/code-signing/ev-code-signing/ ... we started the order focusing on the per year cost. Hopefully Let's Encrypt lets us sign these by the time next year rolls around.
We might not want the EV cert. The EV cert is on a physical dongle and that means we will need a dedicated machine to sign our installers. Also, MS directly linked me to https://www.digicert.com/friends/sysdev/ , which gets us 50% off as a developer. Not sure who would be buying a cert besides a developer, ha.
Had a quick call w/@andrew-c-tran and @cyberswat. We'll just eat the cost of the EV and get the standard. Kevin may be following up with the need to get additional information.
@cyberswat did we ever get this cert?
Placed an order for this. They are validating the address of the company.
@rickmanelius We changed our phone number which is leading to this response from them. I'm not quite sure how to deal with this right now so I'm recording it here.
I am trying to finish the validation of your Code Signing certificate order for DRUD Technology, LLC and I need your help with just one thing:
To verify your phone number, please send a document such as a utility bill (telephone, gas, electric, water, or internet), bank statement, rental agreement, or any government issued document. You may block out any sensitive information as long as it shows your organization name (DRUD Technology, LLC) and phone number (8772288125).
Send this document to support@digicert.com or fax it to +1-801-705-0481. Write "Validation #02558320" in the subject line. Once we verify this, we will move to the next step of the validation process.
The address is on the bank statements, but not the phone number!
@pgalligan80126 Would our phone bill satisfy the conditions outlined above? Can you send me a copy outside of this issue if so?
@cyberswat Could you please let me know how this ended up? We need this for ddev Windows installer.
This issue was moved to ddev/ddev#821
What happened (or feature request):
To send out trusted install packages for Windows we'll need a code signing certificate which must be purchased. Link to that page on https://www.electron.build/code-signing#where-to-buy-code-signing-certificate
There seem to be a variety of prices from the various vendors.
What you expected to happen:
How to reproduce this:
Version: Please include the output of ddev version, docker version and the project's .ddev/config.yaml.
Anything else do we need to know:
Related source links or issues: