All geek questions in one place

Sign a certificate application in a ClickOnce deployment

For my Windows based application, I would like to use ClickOnce as a deployment technology. My application will be distributed over the Internet.

In the ClickOnce and Authenticode article, I read that:

For ClickOnce applications, you must have an Authenticode certificate, this is valid for code signing. You can get a certificate for code signed in one of three ways:

  • Purchase it from a certificate provider.

  • Get one of the groups in your organization responsible for creating digital certificates.

  • Create your own certificate using MakeCert.exe, which is included with the Windows Software Development Kit (SDK).

In my case, number 2 is not applicable.

As I read a few lines later:

By default, ClickOnce applications signed with their own certificates and deployed over the Internet cannot use trusted application deployments.

(Emphasize mine.)

I can not understand the default value of this. Is option 3 possible or not in my case?

And then, to understand all the possibilities, what does # 1 mean? ("Buy one from a certificate provider") What certificate should I buy? Which certification authority can I recommend? Depending on what should I choose? How much is the certificate?

+6
source share
2 answers

It must be a Microsoft Authenticode Certificate. This allows us to sign all kinds of executable files and Windows code, including .exe , .cab , .dll , .ocx and .xpi .

It is not necessary to sign the application, but if we do this, our users will not see a warning message stating that the author of the software is unknown.

Microsoft Authenticode certificates of authenticity must be issued by a trusted certificate authority. Unfortunately, the prices are quite expensive. For more information and some examples, see the Microsoft Certificate of Authenticity page.

UPDATE I purchased the certificate through KSoftware , which is a Comodo retailer. The price is not bad compared to the alternatives: $ 95 per year. The process is faster than I expected: I applied in the morning, and in the evening my certificate was already available. (For those who are interested, I followed this walkthrough .)

+8
source

See my answer to the stack overflow question. How to sign a ClickOnce application .

I would definitely suggest getting the proper code signing certificate. In this case, the application installation screen will look much nicer. Personally, I received my code signing certificate from http://startssl.com - and it was only $ 100 (and you received a wild-card certificate domain for your site, as well as a bonus). It is much cheaper than with VeriSign or TrustWave .

+1
source

Source: https://habr.com/ru/post/913144/

More articles:


All Articles