On Signing a Windows App

First, I would like to tell you that I have purchased an OV code signing certificate for one year. I found out from a blog that K Software has at the moment the cheapest OV code signing certificate, $84 for one year.

As Microsoft says in their documents, you must have a certificate if you want to distribute or sell Windows apps.

There are three main categories of certificates on the Windows platform: Open Source code signing, OV code signing and EV code signing.

The first is the cheapest — in the best case free — the last is the most expensive.

Open source code signing suits you if you do open source projects. You can check the definition of open source development here.

In all other cases, one of the other two certificates is for you.

At first, the OV certificate doesn’t prevent the SmartScreen warning from appearing. In time, when you get enough downloads, SmartScreen won’t appear anymore. The EV certificate, which is the most expensive, gives your apps immediate trust and no more SmartScreen warnings.

The main benefit of an OV certificate is that none of the AV software programs considers your precious application a harmful file.

Once you have the certificate, signing the exe is as easy as follows:

The signtool.exe can be found at c:\program files (x86)\Windows Kits\… The appropriate path should be added to your system’s %path% environment variable. If you don’t have …\Windows Kits\, search the internet for Windows SDK version 8.1 or 10.
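
As an added example (not the author's original command), the PowerShell script below locates signtool.exe as described above, signs an exe with a SHA-256 digest and an RFC 3161 timestamp, and verifies the result. The parameter names are hypothetical, and the certificate thumbprint and timestamp server URL are values you supply from your own certificate and CA.

```powershell
# Added example, not from the original post. Save as a .ps1 file and pass your own values.
param(
    [Parameter(Mandatory)] [string] $FilePath,     # exe to sign
    [Parameter(Mandatory)] [string] $Thumbprint,   # thumbprint of the code signing cert in your certificate store
    [Parameter(Mandatory)] [string] $TimestampUrl  # RFC 3161 timestamp server URL given by your CA
)
$ErrorActionPreference = 'Stop'

# Use signtool.exe from %PATH% if it is there; otherwise search the Windows Kits folder.
$cmd = Get-Command signtool.exe -ErrorAction SilentlyContinue
if ($cmd) {
    $signtool = $cmd.Path
} else {
    $kits = Join-Path ${env:ProgramFiles(x86)} 'Windows Kits'
    # Several SDK builds may be installed; take one x64 copy (highest path name).
    $signtool = Get-ChildItem -Path $kits -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match '\\x64\\' } |
        Sort-Object FullName -Descending |
        Select-Object -First 1 -ExpandProperty FullName
}
if (-not $signtool) { throw 'signtool.exe not found; install the Windows SDK.' }

# /sha1 selects the certificate by thumbprint, /fd sets the file digest algorithm,
# /tr and /td request a SHA-256 RFC 3161 timestamp, so the signature stays
# valid after the one-year certificate itself has expired.
& $signtool sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

# /pa verifies against the default Authenticode policy, the one that applies to downloaded apps.
& $signtool verify /pa /v $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

# Independent check with the built-in cmdlet; warn if the timestamp is missing.
$sig = Get-AuthenticodeSignature -FilePath $FilePath
if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status): $($sig.StatusMessage)" }
if (-not $sig.TimeStamperCertificate) {
    Write-Warning 'Signature has no timestamp and will stop validating when the certificate expires.'
}
$sig | Format-List Status, SignerCertificate, TimeStamperCertificate
```

Selecting the certificate by thumbprint from the certificate store keeps a .pfx password off the command line and out of shell history.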

Today I have signed most of my Windows apps. SmartScreen will still warn you at first, but the file is no longer considered a harmful file.