Do I need a Code Signing Certificate for others to use my Windows export application?

Archive
1
:information_source: Attention Topic was automatically imported from the old Question2Answer platform.
:bust_in_silhouette: Asked By Charlie

The docs and Q&A here make me think that Windows exports should be a breeze (all the hangups seem to involve Android or iOS). However, I’m getting quite stuck making my Windows export usable by others.

So, you can download our app (.exe) project at https://ivoyager.dev/download. However, if you try to run it, you’ll have to bypass some very scary Windows warnings. [EDIT: It’s the blue “Windows protected your PC” screen.] It’s worse than that! You have to know to click on “more info” before you have the option to do something that seems very dangerous.

After chasing this down a rabbit hole most of today, I’ve learned that I can obtain a Code Signing Certificate for “As low as $474/year.” Well, after some more googling, I did find Certum which will give me a CSC for an open source project for €69.00, but their website keeps popping up Polish text which I am unable to understand.

If I did obtain a “Code Signing Certificate,” is this something that I can incorporate in my Godot export process?

Sorry I’m so ignorant on this issue. Any guidance would be greatly appreciated!

Could you describe the warnings? Is it the classic “Are you sure you want to allow this program to make changes to your computer?” warning? Or the “Unrecognized App” warning?

Millard | 2020-05-15 00:50

It’s the blue “Windows protected your PC” screen when you double click the .exe file.

(I don’t have an installer, just the .exe and .pck in a zipped folder. I suspect the “make changes” warning is associated with installers.)

Charlie | 2020-05-15 12:33

The Windows code signing situation is pretty messy, even in 2020. I would advise documenting how to bypass the warnings instead, so you could save a few hundred dollars.

Note that even with a valid code signing certificate, you’ll need a few dozen people to bypass the warning before the executable is considered as trusted by Windows SmartScreen. That is, unless you pay for an even more expensive “extended” code signing certificate.

Calinou | 2020-05-18 10:29

Thanks Calinou. Your answer is what I discovered to be the case, unfortunately. The prices for “individual” code signing certificate range from $85/yr and up, and this does not immediately bypass the “Windows projected your PC” screen. For that you need EV code signing, which is >$300/yr.

Charlie | 2020-05-18 10:58

This doesn’t seem very fair. Logically, the warnings are to warn people from possibly installing a program that could have a virus on it. I’m not sure why paying $300 for a license would ensure that someone wouldn’t put a virus on the program.

Millard | 2020-05-18 14:03

2
:bust_in_silhouette: Reply From: Eidam

Interesting,
my applications doesn´t need some permission, will start normally. When I started your applications first, alert warning is displayed, where I must click “More informations” and “Run” But when I started your application for the second time, confirmation wasn´t requied and application started normally.

Exactly same for me. Once I click through the “More Information” and then “Run”. I don’t see it anymore. We have two downloads at our site and each gives the warning once, then never again. Didn’t used to happen 6 months ago, but I’ve been getting feedback from users that this is happening for the last few months, although inconsistently (some see get it, some don’t).

It’s pretty much a game stopper for a free educational app. Only a small minority of users will click through the warnings.

Charlie | 2020-05-15 12:38

And why don´t you release your app as HTML5? You might publish it for example on itch.io. It doesn´t difficult. This takes about 15 minutes… I think, this it would be more comfortable also for users…

Eidam | 2020-05-15 12:45

We do publish an HTML5 version: https://ivoyager.dev/planetarium/. But it’s reduced in content, lacks GLES3 graphic effects, and takes a minute or more to download/start. Our download version starts in ~1 sec.

(I think our needs are a bit different than most. I, Voyager is educational content, not really a game. Our users will be more skittish about Windows warnings than many indie game fans.)

EDIT: Wait! Did I misunderstand your question? What do you mean “release your app as HTML5?” We do have a web-based app, as I said above. But is there some other kind of “HTML5 App” I’m unaware of?

Charlie | 2020-05-15 16:21