To renew or not to renew Windows Code Signing Certificate?

#1

The Windows application Code Signing Certificate will soon have to be renewed, but what cheapsslsecurity is asking for is quite tedious and/or expensive. And it’s especially annoying to have to do it every year when renewing. I need to either do it as a company and put personal details on public records (including personal phone number and address), or I can do it as a person, but then I need to get documents certified by a notary, which is going to be expensive and tedious.

So I’m wondering if it’s necessary at all to renew this certificate? Normally if an application is new and has never been downloaded, Microsoft is going to display a scary warning. However, I’ve heard that if the app has been downloaded many times, it won’t do so, even without a certificate. However I’m not completely sure about this.

So I’m wondering if someone here knows something about signing certificates? Is it worth renewing it or can I let it expire and try to create releases with no certificate? I guess the risk is to end up with an app that shows a scary warning every time it’s updated (casual users might then decide to stop using it). Any ideas?

1 Like
#2

Eventually I’ve bought the certificate update anyway. A few notes about it in case someone duckduckgoes this issue and, like me, couldn’t find any info:

  • Looks like certificates are really compulsory to avoid the warning popup. Even with a certificate, the warning popup will show up at the beginning, but once Windows learns that the program is not harmful it will remove it. Without the certificate the popup always shows up.

  • Comodo (via CheapSslCertificate in my case) are flexible on their procedure to obtain the certificate. Normally, you either need to do it as a company and put your phone number on a public website, or do it as an individual but then you need to provide documents certified by a notary or lawyer, etc. That’s the standard procedure. However, after a few emails, they did a simplified one where they simply called me, gave me a number, which I then needed to enter into their website. And that was it, after that they delivered the certificate update - so money and time saved!

1 Like
#3

They didn’t charge anything?

#4

Yes they did, it was $83 for 12 months (but they messed up and it’s only for 10, which I’m now trying to get them to fix). Thankfully donations now cover this so this is not an issue. If a notary had to be involved it would probably be a lot more.

1 Like