Windows Code Signing Certificate Trust period

2
votes

I have what appears to be a valid signed Electron Windows application. I am using Electron Builder to sign the app for Windows with the same Apple .p12 certificate that we use to sign the app for macOS. The Electron Builder website mentions the following:

Code Signing Certificate shows a warning during installation that goes away once enough users installed your application and you’ve built up trust.

https://www.electron.build/code-signing#where-to-buy-code-signing-certificate

How long does it take for this trust to build up?

Here is a screenshot showing the certificate details in Windows:

Windows certificate details

Windows SmartScreen lists the publisher for the app as "Unknown publisher". Is there something I am missing here?

1
windowselectronelectron-buildercode-signing-certificate

1 Answers

1
votes

Even though this sounds irresponsible, answer is you never know when your application will earn enough reputation to pass smartscreen filtering. it's not static / fixed time period.

https://www.ssl.com/faqs/which-code-signing-certificate-do-i-need-ev-ov/#smartscreen

Unfortunately, Microsoft does not publish guidelines on what constitutes enough downloads to eliminate SmartScreen warnings. Microsoft has also indicated in the past that signing code is a “best practice” that you “can follow to help establish and maintain reputation for your applications.”

Unless you use EV cert, the only way to accelerate this is to publish your application and meaningful numbers of user download & installs without malicious behavior.