[Help Needed] Code Signing - Windows Defender & Browser Warnings
SlapBot opened this issue · 4 comments
In order to remove the windows defender warnings, application release has to be code signed.
The documentation available at electron-builder suggests that in order to sign your app, you need a certificate and it has to be bought from one of the authorized vendors from Microsoft. They recommend the one from digicert which costs around $699 a year.
Electron's official docs also touch on the matter with a similar suggestion:
Get a Windows Authenticode code signing certificate (requires an annual fee)
You can get a code signing certificate from a lot of resellers. Prices vary, so it may be worth your time to shop around. Popular resellers include: Digicert
I'm eagerly looking for some help around code signing this application without spending much money considering it is suppose to be a completely open source app. If you have any experience around code signing windows builds. Kindly reply in the thread.
BTW, There are some less expensive options about halfway down the page, here.
https://aboutssl.org/cheap-code-signing-certificate-providers/
Thanks for the link! Although I don't really want to spend money on a open source project but nonetheless its better than whats currently available!
I've personally never used them, but some googling landed me on a few posts mentioning certum as a cheaper option for open source certs:
https://blog.aluxian.com/free-code-signing-certificate-for-open-source-software-d836270823a7
https://en.sklep.certum.pl/data-safety/code-signing-certificates/open-source-code-signing-1022.html
It looks like they're typically 25 euros a year which isn't too bad, but unfortunately it also looks like you have to use a cryptographic smart card / reader which you'd have to buy the first time.
Ah good solution for the long term but need to buy certain things before hand.
Btw Certum use to provide free certs for open source projects, however it got discontinued since 2016: https://stackoverflow.com/a/1177748/6303162
I've tried to document other similar CAs in the README under browser warnings tab with hyperlinks.