Not sure where I read this but is it true that the App Store will only accept apps that are authenticode signed with a Symantec certificate.
Won't my Thawte certificate be good enough ?
Thanks
Ian
From what I can see, yes (I knew a VeriSign certificate was required, didn't know they were 'owned' by Symantec). It's a good few hundred bucks, so, I can understand the concern.
Note that the Windows 8 (Metro) apps are handled differently: you submit your package to Microsoft, they test it to meet quite stringent requirements, and is signed by MS. A certificate, in this case, is not required, only for desktop apps.
Basically, though, you are only paying for the privilege of posting your [desktop] application to the Microsoft app store window. You still have to perform all the payment transaction yourself, download, etc. The certificate issue is a tough pill to swallow as a requirement - and a double whammy for those with a different, but no less secure, certificate.
"Ok, my response to that is pending a Google search" - Bucky Katt.
My understanding was that MS wouldn't accept it at all unless it was signed by the developer with a "VeriSign" certificate.Note that the Windows 8 (Metro) apps are handled differently: you submit your package to Microsoft, they test it to meet quite stringent requirements, and is signed by MS. A certificate, in this case, is not required, only for desktop apps.
I didn't know that I could post "Desktop" apps to the MS App Store. As it stands though I don't have problem installing my desktop apps on Windows 8 RTM. It's happy to accept either my Thawte or my Comodo certificates.Basically, though, you are only paying for the privilege of posting your [desktop] application to the Microsoft app store window. You still have to perform all the payment transaction yourself, download, etc. The certificate issue is a tough pill to swallow as a requirement - and a double whammy for those with a different, but no less secure, certificate.
Actually, Thawte and VeriSign are BOTH owned by Symantec. Which makes me wonder why a VeriSign Certificate is double the price of the Thawte certificate. Are they saying that Thawte is 'less' secure ?
Earlier today I sent this email to MS
and got this answerTo: Solution Partner Expert Team
Subject: Win8 Apps and Authenticode
I've been lead to believe that the Win8 App Store will only accept apps that are authenticode signed with a VeriSign certificate.
Won't my Thawte certificate be good enough ?
Thanks
Ian
Hi team,
Is it true that only a VeriSign certificate is acceptable for Windows 8 store submissions?
Thanks!
-Nichole
Who is 'Nicole' and why is she answering my email with her own question - or did the MS cut-n-paste chimp just send me somebody else's question because it sounds a bit like mine ?
Hmm, I didn't think that was the case - perhaps I'm wrong, then. In which case, even the Metro App Store is out of reach of your average hobby coder... ! I'd better double-check that, but I do recall the last stage of 'certification' was Microsoft signing the package.Originally Posted by IanS
Really, it's just a 'store front' - or more like a 'yellow pages' for apps. You have to provide a link to your own web site where they can download the app. You can easily (obviously) bypass the Microsoft storefront completely, and people can find your app through other means (Google, for example). The Microsoft store front is mimicking the Apple model - a one-stop shop where you can find apps for your device/computer. A requirement for your app to be showcased is that it is signed by VeriSign. I'm not sure how they can enforce that, since the app is actually downloaded from your site, but I haven't looked at the Desktop App steps in great detail.
I'm a novice when it comes to app distribution to a non-vertical market - code signing generally isn't important for custom applications - but am investigating what is needed to try and hedge my bets that the WinRT on a mobile device has any penetration into an industrial environment.
"Ok, my response to that is pending a Google search" - Bucky Katt.
Here's a couple of reference links:
Windows 8 app certification requirements
http://msdn.microsoft.com/en-us/libr.../hh694083.aspx
This above page does not note any signing requirements, but the submission steps documented on an MS blog indicate that MS signs the app package as one of the last steps.
Certification requirements for Windows 8 desktop apps
http://msdn.microsoft.com/en-us/libr.../hh749939.aspx
This does indicate the application needs signing, but does not specify that VeriSign must be used. Doesn't mean that VeriSign is not required, but the whole thing is relatively complex if you haven't accommodated all the requirements in current apps. MS have a lot of investment, it seems, in the store, so wouldn't suprise me if there are many, many, departments working on this whole 'windows 8 experience' and one hand doesn't know what the other is doing. Indeed, Microsofts home web side is designed to look like a Windows 8 app. Neat and Unifying - if your eyes can stand the obnoxious colors - which I have a real hard time with.
So, it also doesn't surprise me that MS employees are also confused: so-called Windows 8 MS representatives (and experts) on the Windows 8 community forums are complete idiots. Granted, some of the the questions/comments/rants are not of a particularly high quality, but still.
Last edited by SJWhiteley; Oct 3rd, 2012 at 03:13 PM.
"Ok, my response to that is pending a Google search" - Bucky Katt.
I asked a Microsoft person as well. The answer I got today is:
Using a certificate within the app itself? I don’t see anywhere that limits to what Certificate Store is allowed and also I would find that hard to believe that they would limit to only Symantec and not others such as Verisign and Thawte.
http://msdn.microsoft.com/en-us/libr.../hh464941.aspx
Have you given out your reputation points today? Select the Rate This Post link to give points for good posts!
-------------------------------------------------------------
Brad Jones, VBForums Site Manager
QuinStreet - Developer.com Network Director / EiC: Software Development
Overseeing VBForums, Developer.com, CodeGuru, DevX, and more.
(My recent articles) (I wrote: Web 2.0 Heroes!) (My Blog) (Follow me on Twitter) (New HTML5 Dev Center)
--------------------------------------------------------------
For WP7, with a quite similar marketplace, the file is signed by MS itself.
VB6 & C# (WCF LINQ) mostly
If you need help with a WPF/WCF question post in the NEW WPF & WCF forum and we will try help the best we can
My site
My blog, couding troubles and solutions
Posting Permissions
Reply With Quote