Becoming a trusted Windows installer?

Hi, I want to certify my plug-in installers.
I’ve heard on here that people like Comodo. But I’m finding the process difficult to understand. Comodo seems to have changed quite a bit since I last looked.
Can someone please explain what cert I need to stop Windows complaining about installation permission?

Ok, I believe I need one of these:

I’m going for the cheaper one, I presume that’s going to be OK for a lone developer?
Does that include the ability to install stuff in ‘Program files’ folder?

We have a comodo certificate and everything runs smoothly

You need a Code Signing Certificate. According to my records I used Sectigo, but I assume via a reseller, because I definitely didn’t pay $179. You’ll need either a Limited Company or you’ll have to get some official documentation notarised by a solicitor in order to complete the process of getting a CSC, I found the whole process really quite opaque and frustrating, all the help and documentation seems to be hidden and you’re required to pay for the thing before you get any answers!
The only thing it changes is when people execute your installer, instead of showing

will have your company name or legal name in the publisher section, and you get a nice blue “this isn’t so scary” warning box that changes are about to be made.

Thanks for the replies, folks.
So for Sectigo I’ll use one of these, they are the same price as Comodo it seems:-

Do I have to be a LTD company for the basic one? I thought it was just the EV that needed extra validation?

Right, same price, but don’t buy it direct, you can get them for about $70 through a reseller!

You don’t need to be a Ltd Co, but my understanding was that without you need to have some document (no idea what though, probably a passport or drivers license perhaps?) notarised by solicitor.

I set myself up as a limited company, as that seemed like it would be less hassle in the long run, saying that it took me about 4 months to get everything set up properly (Ltd Co, domain name, Windows Certificate, Apple Certificate, website and FastSpring shop), but I’ve been very happy with how it’s going since launching.

But I thought they ARE resellers?
It’s not directly through MS or Apple.

On recommendation here from the forum I got mine from, which is also a reseller of Commodo certificates.
Also had no issues…

MS doesn’t sell it’s own certificates, you need someone with an accepted root CA, which Commodo is. But there are more root CAs available as well.
Only Apple sells their own through their Dev programme.

1 Like

OK, thanks Daniel. I’ll try them.

@richie Hi, Ihave become a LTD company, but Sertico wants to:-

“We have accepted your bank statement which you have provided to verify the address. We must able to verify your company existence and phone number in valid online directories in your region, so please register your company name address including phone number in valid online directories in your region and get back to us.”

I can’t use any information because of “General Data Protection Regulation” restrictions it seems, plus it’s my own private phone number and I don’t really want to publicly distribute it - If you see what I mean?
How did you get around this phone number thing, please? It all seems terribly old fashioned.

I created one at sipgate… put it on my mobile phone, and once the verification was sorted, removed it from the device…
If anyone would dig up that number now, I get an email with the voice message as mp3 attachment…

Thanks Daniel, I’ve never heard of them. How did you get around the ‘online directories in your region’ part? Or do they just ignore it and think you’re somewhere in Europe, so that’ll do? As you can tell, I’m getting a little stressed over this.

Oh sorry, I AM in Europe :wink:
Worked twice for me, once in Germany and did it again after relocating to UK…

I think sipgate is available in many countries. And listing the address in yellow pages online was no problem.

Since you gave them your address already, I guess it should be an online phone register, that is hosted and used in your area. The idea is just, that if a user would want to find you, they had a chance. Even though you put the number after that on a dead device, “let it ring in the basement”…

They also just do their diligence. The verification proves, that you were accessible at one point. What happens after that they cannot and will not check.

We applied for a DUNS number ( That one is also needed for a company Apple Developer Account.

Oh I see they have UK, OK started with them, thanks again.

LOL - I guess I have to be a bit more patient, as they have to send a ‘start code’ by post to my address!

Haha, yeah! Like I said it took me about 4 months to get all the pieces of the puzzle finally ready to be able to sell my plugins, but worth persevering.

I was lucky the LTD came through in a day. I guess it was because I already had a tax code for the name…it made me want everything else immediately! :grinning:

I already have an Apple dev account for over 2 years now, because it is for my own name.

Well now, THAT was a little painful. :slight_smile:
I’ve finally got the cert from Sectigo.
Because my company was only LTD less than 3 years ago. I had to go through the Extended (EV) process instead. Which meant going through a Solicitor or an Accountant. And get them to send a letter based on their template, giving information about myself and my company.
The pain came from my Solicitors (don’t ever use ‘Hine’ BTW) - they just didn’t reply for 4 weeks, then suddenly decided that they can’t do it, giving no reason. :unamused:
Another solicitor stated that they “don’t know who Sectigo is, and therefore they are in no position to do anything” … :weary:
I finally got an my old Accountant to do it (Hazlewoods) for £200 which was much cheaper than anything the Solicitors were quoting.
Anyhow, after a bit of toing and froing, like they do, I got a final phone call from them today. Which was a bit messy, because a lot of the links I had to click, didn’t do what the lady on the phone said they did. :laughing:
So the short version is, use and accountant to fill out the EV form.

As a bonus for having to get an EV cert you can sign AAX, not possible with a standard certifcate I’ve just found out :confused: