I am looking for a certifier for my Windows app, and I am wondering which certificate type I should choose for the application of my startup. I saw that there are mainly two types - so-called OV and EV certificates. A quick summary from SSL.com (for code-signing a desktop application)
An EV code signing certificate offers an immediate reputation with Microsoft SmartScreen, so your users will never have to click through a SmartScreen warning in Windows.
With an OV certificate, SmartScreen reputation must be built organically, as users download and install your files. SmartScreen warnings may occur until enough software proves sufficiently popular with Windows users for SmartScreen to view it as “well known.”
I understand the differences, and most articles refer to them in the use-case of Web SSL certificates. But would you recommend an EV certificate for a desktop application from a startup? Or is it not worth the money? Any help is highly appreciated!
So no, you cannot use an SSL Certificate to sign scripts and executables and you cannot secure your website's connections with a Code Signing certificate.
A Windows code signing certificate is a digital certificate to authenticate the executable programs specifically designed for Microsoft platforms. The certificate establishes the authenticity of the programmer and ensures the user that it has not been tampered with.
Code Signing Certificates are used by software developers to digitally sign applications, drivers, executables and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party.
You probably already know that a code signing certificate from SSL.com will assure users that your software is from a known and trusted developer, free from unauthorized modifications and malware, and safe to install. SSL.com offers code signing certificates at both the Organization Validation (OV), and Extended Validation (EV) levels.
This topic covers guidelines for using code signing control classic Windows apps. Typically, Windows Defender Application Control (WDAC) policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted.
If you prefer a more graphics-based approach you can use SSL.com ‘s in-house software, SSL Manager, to sign your files. Many customers prefer to use SSL Manager because it offers the additional benefit of having easy access to all your certificates in one unified interface.
The short answer is that EV code signing certificates are more expensive, but offer a higher initial Microsoft SmartScreen reputation level, and are required for signing Windows 10 drivers. If you are developing Windows 10 drivers, you need an EV code signing certificate.
The real answer here is that you need to be able to cover the cost of the cert, only you know whether you will make enough money from your app for it. The increase in downloads between the two is unlikely to be very big.
Taking SSL.com as an example, OV certificates are offered for 2 years at $232 but EV is $598. If you think that the fairly small percentage increase in downloads will cover this then go for it. It will look more professional that way. After all, $366 to a popular app is peanuts. But if you think your app will not be popular or won't make money, don't waste your cash.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With