WingNews logo WingNews
top | item 42594487

(no title)

kryptocannon | 1 year ago

> which also requires forming a company that is not an LLC

I always thought that an LLC was sufficient, what's the actual requirement if an LLC is not enough?

discuss

order

Nzen|1 year ago

For an EV certificate, you need to have a government-registered business [0], though a record of Doing Business As should be sufficient. Where I live, that involves filling a form, paying a fee, and taking out a classified add for 3 weeks [1]. There are cheaper certificates, OV, that merely require a notary public's confirmation (which is what I did).

However, as the other post said, Windows will treat an EV certificate with very high trust and should not show SmartScreen. For OV signed software, it looks like [3] Microsoft will use some telemetry to assemble a trust score as people download and accept the risk of running the software, over days or weeks.

[0] https://support.ksoftware.net/support/solutions/articles/358... KSoftware is a sales partner for Sectigo. I used their service and later Sectigo directly, before last year's change to require FIPS hardware for managing the code signing certificate.

[1] https://www.cookcountyclerkil.gov/vital-records/business-not...

[2] https://support.ksoftware.net/support/solutions/articles/232...

[3] https://stackoverflow.com/a/65653792/504994

wongarsu|1 year ago

We got a certificate with a company that's the local equivalent of an LLC, and have seen certificates issued to private individuals. As far as I can tell it's up to the issuer who they support in their verification process. Many of them are pretty inflexible with somewhat arcane processes designed decades ago (with ancient websites portals to match), so your experience may vary

An additional detail is that there are two levels of code signing certificates, normal and EV (extended validation) certificate. EV certificates make windows completely drop the low-reputation screen and causes many antivirus solutions to trust you but are expensive and are a bit of a pain to get. Normal certificates are cheaper and comparatively easier to acquire, but only give partial benefits (less scary screen from Windows, some leeway from antivirus).

rubymamis|1 year ago

Like wongarsu described, there are two types of certificates. I got the more trusted one (EV certificate) which has higher requirement standards (one of which is to be a formed corporation that is not a sole proprietorship).