Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Sign application with a certificate in ClickOnce deployment

For my Windows-based application, I would like to use ClickOnce as the deployment technology. My application will be distributed via the Internet.

In the article ClickOnce and Authenticode, I read that:

For ClickOnce applications, you must have an Authenticode certificate that is valid for code signing. You can obtain a certificate for code signing in one of three ways:

  1. Purchase one from a certificate vendor.

  2. Receive one from a group in your organization responsible for creating digital certificates.

  3. Generate your own certificate with MakeCert.exe, which is included with the Windows Software Development Kit (SDK).

In my case, number 2 is not applicable.

As I read a few rows later:

By default, ClickOnce applications signed with self-certs and deployed over the Internet cannot utilize Trusted Application Deployment.

(Emphasis mine.)

I cannot understand the meaning of this by default. Is the option #3 possible or not in my case?

And then, to understand all the possibilities, what does the #1 imply ? ("Purchase one from a certificate vendor") What kind of certificate should I buy? Which certificate authority can be recommended? Depending on what I should choose? How much does a certificate cost?

like image 810
Dev Avatar asked Apr 13 '12 16:04

Dev


1 Answers

It must be a "Microsoft Authenticode Certificate". It allows us to sign all kinds of Windows executables and code, including .exe, .cab, .dll, .ocx, and .xpi files.

It is not mandatory to sign an application, but if we do it our users won’t see a warning message stating that the author of the software is unknown.

Microsoft Authenticode Certificates need to be issued by a trusted certificate authority. Unfortunately, the prices are quite expensive. More information and some examples are on page Microsoft Authenticode Certificates.

UPDATE I purchased the certificate through KSoftware, which is a Comodo retailer. The price is quite good compared to alternatives: $95/year. The process is faster than I expected: I applied in the morning and in the evening my certificate was already available. (For those interested, I followed this step-by-step guide.)

like image 57
Dev Avatar answered Sep 28 '22 06:09

Dev