Azure Code Signing for plugin developers (guide)

Hang in there a little longer:

Ah. Hopefully that happens sooner rather than later.

@koaladsp-cecill and @sudara thank you so much for the guides!

The only part I got burned on was forgetting about the 2nd role of Trusted Signing Certificate Profile Signer for the app. Once fixed, it worked perfectly.

I was using SSL.com cert for $129/yr and using the SSLManager GUI tool made it simple to sign. But during a recent renewal process, I was informed that option is no longer available. It still is $129 for the cert, but you either need to spend one-time $279 on top of that for a Yubikey or $240 for a yearly eSigner subscription.

Using MSFT’s new Trusted Signing Account at $9.95/month “all in” is a good price.

I might wait a day or two before tackling AAX signing :wink:

Thanks again!


A YubiKey 5 FIPS is only around $80 - $100 depending on the model you buy.

Rail

I got halfway through the vetting process with GlobalSign and decided to give Azure a try. It’s funny, the form wouldn’t allow the “apu.software” domain (lazy front-end programmers like to imagine only .com exists). But I was able to continue by putting in a .com domain and then copying and pasting “apu.software”, which somehow doesn’t re-trigger the form validation and allowed me to submit.

Due to the wording about the 3 year requirement being for private preview, I have some small hope that the public preview actually lets me through. Fingers crossed. Thanks for the great write-up in any case!


So it’s public now and even newer companies can apply?

It’s in public “preview” until June, which just means it’s free and they are still sorta opening it up to the world. Their docs state:

Trusted Signing at this time can only onboard Legal Business Entities that have verifiable tax history of three or more years. For a quicker onboarding process ensure public records for the Legal Entity being validated are up to date.

They also responded on their announcement post saying they are still working on it.

So unless @caustik experienced something different, my assumption is you wouldn’t pass identity validation without a 3 year old business…


I still don’t know. They haven’t given me an update yet.


Just went through the process, now waiting for public validation and I gotta say: this was a breeze so far! (I do have that 3-year history, that probably made it easy.)

Thank you so much for that very well written tutorial @koaladsp-cecill (and if I could I would also tag Microsoft here to say thank you for finally offering an appropriate, non-3rd-party solution for Windows code-signing).

I’ve worked with SSL EVs for the last 4 years - and it’s an ongoing pain on so many different levels, don’t even get me started…

So it makes me extremely happy to finally ditch them, and I’ll do so even though I have another year on my SSL EV.

$9.99 for 5000 cloud signatures per month is an absolute no-brainer, the setup was extremely smooth, especially compared to what you go through with SSL, and I love how it all feels very AWSish in terms of self-direction and control over your cloud environment.

The physical-dongle EV certificate costs so much more and is such a headache, I’ll have gladly wasted the 3rd year of my 3-year EV and move to Azure immediately. Can’t wait for Monday to come for my public validation to go live and I can start moving my build system over.

I can now finally ditch the Raspberry Pi power-controlled Windows machine under the stairs and just use hosted Github runners for anything :partying_face:

(@caustik just because you mentioned SSL eSigner above, don’t fall into that trap like I did. I forgot about the insane pricing after a while and got slapped with a $700 bill just for debugging my setup in a production outage… check EV pricing here: eSigner Pricing for Code Signing - SSL.com
Basically, you get 10 signatures for 100/month and then it’s $10/signature. All of that ON TOP of your expensive EV certificate, which you still need for eSigner. So don’t do it :wink: that pricing is why I’m still using a hardware dongle, and why I’m so excited about Azure. I get the frustration that they still have strict entry requirements. The EV certificate market is horrible and I hope they open that up for new developers soon, it sure looks like it’s close)


I want to leave this here for other Github Actions users:

Seems like there is a full-fledged Action for your regular old files already, and the requirements that are installed for that Action should also suffice for you to use signtool.exe and wraptool for AAX, which you have to install separately on a runner, of course, as described.

(I haven’t tried any of this yet as I’m waiting to be processed, but this looks extremely promising)

Well I was going to do the local dongle style (my favorite EDM genre) because yea I saw what a ridiculous ripoff that eSign crap is. It’s going to be extremely satisfying watching all these rent seeking cert companies crash and burn.


First of all: Thanks heaps, Sudara! Without your guide, I would never have attempted to sign up with this new Azure signing. These forms are truly menacing.
Your guide is great, but unfortunately I have to report I could not get Microsoft to accept my one-man company for now.
I am a Swiss citizen and we have laws in place that make anyone self-employed a one-man company without any paperwork as long as the income stays below some threshold. I’ve been doing this for more than twenty years and never required any official formation documents for anything, but it seems with Microsoft/Azure I’ve met my true nemesis :wink: .
I couldn’t get them to accept my application and complete the Trusted Signing Identity Validation. So I will try to get official certification as the next step.

Did they actually notify that you were not accepted?

I’m registered as a single-person LLC in the US, and they’ve simply never responded to the request for identity validation. It just says “In Progress” for weeks now.

Yes, I got an email and I can see on the Azure pages that the validation has status “Fail”. The only option I have seems to be to start another validation procedure, but I guess I need more papers before I can consider doing that.

Unfortunately I have to report the same. Even though I have a 3+ year old company, tons of paperwork and submitted everything correctly, my validation status just went to “Failed” without any further explanation :frowning:

I opened an issue with Microsoft Azure Team here, but haven’t really gotten a usable response so far:

Some contrary anecdata:

I was validated in less than an hour, at something like 8PM CEST! :exploding_head: One man UK Ltd. company running for about 4 years now.

Sudara’s guide was very useful, but of course I ran into some issues when it actually came to signing, mostly about how variables work in Azure Pipelines, but got there in the end, about 6-8 hours in total to get a signed installer that no longer triggers that bloody SmartScreen warning. :sunglasses:


This is awesome, but we have decided to not use cloud-based services for signing … has anyone got any tips/tricks (or another thread) on doing the signing steps locally? I’m assuming I can gain a lot of knowledge from pamplejuce already, but I would be replacing all the cloud functionality with local details …

The OP guide is specifically about running everything locally I believe, but I only really skimmed it since I do my Windows/Linux builds on Azure Pipelines.

If you don’t have any paperwork at all re: tax registration or registering an address in the city, could you maybe find some “official” city/state reference online to your business and pdf it?

I would definitely submit a new request…

People have seen success by submitting different variations to identity validation (you could try different versions of the name?). Guess they have a few bugs to iron out with those form validations, yikes.

Just to complete the picture here: I’m getting reports on my blog of people passing identity validation within an hour or two — so my suggestion to anyone failing/hanging is to re-submit and maybe change up what documentation you are submitting. Meha, the support person helping @benediktadams on the docs repo is great, she’s helped me out numerous times and is helping out another friend of mine, she might just be sorta swamped right now!

Thank you for the update!
I’ll definitely give it another go with more papers I’m in the process of organising… However maybe the fact that the official stuff I submitted so far is mostly in German hasn’t helped my cause. Has anyone bothered translating their tax forms?
The whole thing feels like there’s some kind of bot doing the responses to document submissions, asking for the same kind of papers repeatedly via email… maybe it’s just not finding the right keywords in my weird foreign documents.