[Bf-committers] Vendor Approval Issue
Dan McGrath
danmcgrath.ca at gmail.com
Fri Nov 7 01:39:03 CET 2014
Hey Ton,
Well, the cert is just like any other SSL/x.509 certificate you would get,
except the properties of the certificate allow (limit) it to be used
specifically for signing code. You can get certs that can be set to only be
used for email, signing or encryption etc. The thing that makes this use of
the certificate unique (compared to regular SSL certificates) is that you
use special tools on Windows to sign binary files (as opposed to installing
in a web server like we do with SSL). Although given the special purpose of
making your software look reputable and legitimate, they (the industry) of
course demand a premium for the cost of generating these certificates (ie:
they charge you up the wazoo!). Like our EV certificates, I believe they
also go through extra identity checks before they just hand one of these
certificates over to you.
Comodo (our certificate provider) offers these certificates as well if you
are interested (Starting at $166.95/year):
https://www.comodo.com/business-security/code-signing-certificates/code-signing.php
With one of those, you should be able to follow the steps in the Microsoft
url I pasted earlier to do code signing. I believe you could even generate
your own self signed CA cert and create one of these code signing
certificates to test the tools, but such a certificate would not be trusted
of course, and would only be useful to practice the workflow.
Dan
On Thu, Nov 6, 2014 at 12:37 PM, Ton Roosendaal <ton at blender.org> wrote:
> Hi,
>
> I don't mind paying a bit, for as long it's an undisputed, official cert
> recommended by Microsoft.
>
> -Ton-
>
> --------------------------------------------------------
> Ton Roosendaal - ton at blender.org - www.blender.org
> Chairman Blender Foundation - Producer Blender Institute
> Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
>
>
>
> On 6 Nov, 2014, at 15:51, Dan McGrath wrote:
>
> > It sounds like Microsoft calls this "athenticode". I don't have any
> > personal experience with it myself, but I did find this url at
> Microsoft's
> > website that might be of use to those looking into this:
> >
> > http://msdn.microsoft.com/en-us/library/ie/ms537359(v=vs.85).aspx
> >
> > Dan
> >
> > On Thu, Nov 6, 2014 at 9:12 AM, Ton Roosendaal <ton at blender.org> wrote:
> >
> >> Hi all,
> >>
> >> For OS X we sign the binary using our Apple developer account.
> >> It seems there's a similar system for Windows exes too.
> >> Please advice!
> >>
> >> (See mail below).
> >>
> >> -Ton-
> >>
> >> --------------------------------------------------------
> >> Ton Roosendaal - ton at blender.org - www.blender.org
> >> Chairman Blender Foundation - Producer Blender Institute
> >> Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
> >>
> >>
> >>
> >> Begin forwarded message:
> >>
> >>> Subject: Vendor Approval Issue
> >>> Date: 6 November, 2014 14:17:11 CET
> >>> To: foundation at blender.org
> >>>
> >>> Hi
> >>>
> >>> I have a generic issue that needs addressing so I have contacted
> >>> this email address in the hope that you can redirect it
> >>> appropriately.
> >>>
> >>> I use Comodo Internet Security Premium which includes a Defense
> >>> Plus element for monitoring running processes. Whilst I have
> >>> approved Blender as a process it refuses to recognise the Vendor as
> >>> the .exe file is not signed and has no developer information so it
> >>> will not allow me to add it to the approved list and keeps flagging
> >>> it every time I launch Blender.
> >>>
> >>> I am bringing this to your attention as it is annoying and I am
> >>> sure other users are experiencing the same issue and it could be
> >>> easily resolved but that can only be done by the development team.
> >>>
> >>> Trusted Vendors can sign up here to be whitelisted:
> >>>
> >>> http://internetsecurity.comodo.com/trustedvendor/signup.php
> >>>
> >>> Many thanks
> >>>
> >>> Mark
> >>>
> >>
> >> _______________________________________________
> >> Bf-committers mailing list
> >> Bf-committers at blender.org
> >> http://lists.blender.org/mailman/listinfo/bf-committers
> >>
> > _______________________________________________
> > Bf-committers mailing list
> > Bf-committers at blender.org
> > http://lists.blender.org/mailman/listinfo/bf-committers
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
>
More information about the Bf-committers
mailing list