locked
Deleted RRS feed

Answers

All replies

  • Hello Martin,

    Have a look at the following page on How to Add and Remove Apps. It depends on how you want to install them. You can sideload them if that is the preference or you can use DISM and include them in an image. The certificate will depend on what is being used in the domain and how you sign the package. You can use PowerShell or Visual Studio to sign the package. Here is another page on Signing the app package to give you a better overall picture of how to it can be done. Hope this information helps!

    Cheers,

    Jesse

    Thursday, November 15, 2012 10:12 PM
  • Deleted
    Friday, November 16, 2012 9:15 AM
  • Uhm... if you're sideloading, you're not entering the app to the store right? Hence you don't need to sign it? What am I missing?

    If you do have to publish it to the store, VeriSign seems to be the only option though.

    Saturday, November 17, 2012 11:56 AM
  • Deleted
    Saturday, November 17, 2012 12:08 PM
  • Ok I understand. Technically this is not a Windows Store question, but a Windows 8 question then, but I guess this forum is close enough :-) 

    Do you control the entire deployment chain? Can you write scripts that run on each computer? Are you sure you need to sign it at all to be able to install it automatically- that there isn't some MSI-installer option to make it install and override any warnings? I mean - you even mention running the installer manually - and you can indeed install unsigned applications on Windows 8 manually by overriding the warnings. You get this dialog that says you can't install it, but then you click "more options" and "install anyway". I'm sure you've seen this.

    I am myself selling an Outlook plugin that up until now hasn't been signed. I just bought a Thawte digital certificate (standard Authenticode) to sign it, so if you want I can get back to you about how it works on Windows 8 machines. I found Thawte to be one of the cheapest out there. What's interesting though is that Thawte is not listed as one of the members in the Windows Root Certificate Program, but they seem to be hosting for Verisign or something (search for "Thawte"). Not sure exactly how this works out, but I can get back to you.

    Saturday, November 17, 2012 12:18 PM
  • Deleted
    Saturday, November 17, 2012 5:16 PM
  • Hi Martin, I have now used the Thawte Authenticode certificate to sign my Outlook plugin (MSI file), and well - the outcome wasn't all that satisfying. Here's my experience with downloading and installing my MSI from a browser - before and after signing the MSI file with the digital certificate:

    BEFORE
    Windows SmartScreen: Pops up with the text "Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk." You need to click "Show more" and click "Run anyway" to continue.
    UAC: Pops up with the text "Do you want the following program from an unknown publisher to make changes to this computer". Yellow warning-ribbon.

    AFTER
    Windows SmartScreen: Same as before
    UAC: Pops up with the text "Do you want the following program to install software on this computer". No yellow ribbon.

    So in summary, only the UAC was slightly less scary. I'm not at all convinced that the cost/benefit of purchasing a Thawte certificate for my product is good enough to be justified. Frankly, I feel kind of cheated because the primary reason for me to by the certificate was to get rid of the SmartScreen warning.

    I would be very interested in hearing your experience for the VeriSign certificate though. It might be that because Microsoft has endorsed these guys, that your signed apps will bypass the SmartScreen warning. 

    PS: Note that the SmartScreen only checks your software if you run them after downloading the .MSI or .EXE through a browser.


     

    Thursday, January 3, 2013 10:07 AM
  • Martin,

    Can you please share your experience?

    I read somewhere this

    "So you need another commonly trusted CA to sign your Code Signing Certificate – this is where commercial CAs comes into the game"

    You need a Commercial Trusted certificate to sign our internal Code Signing certificate?  - is this true and why is Microsoft not making it clear.

    If you come across any documentation on this Enterprise Side Loading - specially dealing with certificate please share.

    thanks

    John

    Wednesday, January 30, 2013 8:33 PM
  • John: You don't need a certificate for anything. Define your use case. 
    Thursday, January 31, 2013 1:52 PM
  • Deleted
    Friday, March 1, 2013 6:07 PM