> On 16 Nov 2022, at 00:41, Andrew Bernard <andrew.bern...@mailbox.org> wrote:
> 
> I have never had a Windows app certified, but I don't think there is any 
> cost associated with it, it's just a process at Microsoft. This sort of 
> signing is not a TLS certificate possibly involving cost (though most people 
> use Let's Encrypt now).
> 
> This is a page from Microsoft. I think it's outdated but the principles would 
> remain roughly the same.
> 
> https://learn.microsoft.com/en-us/windows/win32/win_cert/windows-certification-portal
> 
> 
That's something else... a 'sign of approval' for coding practices that you use 
the Windows operating system internals (API) appropriately (so no failure is to 
be expected from future updates that change the inner workings of APIs or 
remove already deprecated APIs).

The issue at hand with Windows and some anti-virus apps is that they block any 
app that is not code-signed by a trustworthy code signing certificate (at least 
until sufficient crowd-sourced evidence has been collected that a not-yet 
trusted app would be safe to use).

For the 'trustworthy code signing' you need a code-signing certificate, which 
is much like the TLS certificates, but meant for code-signing instead of 
server-authentication (the intended usage is part of a certificate).
https://www.computer.org/publications/tech-news/trends/what-is-a-code-signing-certificate

Like the TLS-certificates they exist in flavors 'standard' and 'extended 
validation' for a variety of prices, but unlike Let's Encrypt for TLS 
certificates there is no for-free code-signing cert (as code-signing 
certificates require a level of validation of the requesting organisation and 
requester, whereas the domain-validated TLS certificates need only proof that 
the requester is in control of the domain name(s) for which the cert is requested 
and make no assertion on who/which organisation is behind a certain 
domain name).
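
The "intended usage" mentioned above is the certificate's Extended Key Usage (EKU) field. As an added example (not part of the original message), this bash script creates two throwaway self-signed certificates with openssl and checks which one is marked for code signing. The function names are assumptions, and the self-signed test certificates only stand in for CA-issued ones.

```shell
#!/usr/bin/env bash
# Constructed demo: two throwaway self-signed certificates that differ only in
# their Extended Key Usage (EKU), the "intended usage" field of a certificate.
set -eu

workdir=$(mktemp -d)   # holds the sample keys and certs; delete it when done

# make_cert NAME EKU: write NAME.pem in $workdir with the given EKU value.
make_cert() {
  cat > "$workdir/$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1-constructed-sample
[ext]
extendedKeyUsage = $2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -config "$workdir/$1.cnf" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# eku_of CERT: print the EKU value line from the certificate's text dump.
eku_of() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Extended Key Usage' | tail -n 1 |
    sed 's/^ *//; s/ *$//'
}

# allows_code_signing CERT: succeed only if the EKU lists Code Signing.
allows_code_signing() {
  eku_of "$1" | grep -q 'Code Signing'
}

make_cert codesign codeSigning    # what a code-signing cert carries
make_cert tlsserver serverAuth    # what a TLS server cert carries

for name in codesign tlsserver; do
  if allows_code_signing "$workdir/$name.pem"; then
    verdict="usable for code signing"
  else
    verdict="NOT usable for code signing"
  fi
  printf '%-10s EKU=%s -> %s\n' "$name" "$(eku_of "$workdir/$name.pem")" "$verdict"
done
```
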




