Sign & build Windows installer from a Mac?

One of the things I love most about Unity is the cross-platform building… sitting comfortably on my Mac, I can build games for Linux, Mac, and Windows, easy breezy.

But then when it comes time to code-sign the application and prepare an installer, if I have to fire up a Windows machine (even virtual) and do some manual steps, that’s a significant hurdle every time I do an update. (We’re using an incremental release model, so we update often.)

So, I’m eyeing NSIS, which can build Windows installers from other platforms (like Mac). And OSSLSignCode can maybe do the signing on a Mac, too. Combined, these could be a real time-saver, allowing all the packaging to be done from one script on the Mac, rather than having to copy files over to Windows and do some manual steps.

Has anybody tried this and have experience to share? Or am I in uncharted territory here?

Thanks,

- Joe

OK, I installed OSSLSignCode and used it to sign my Windows exe file, using my Apple developer certificate and private key (because why not, right?). The process appeared to work, and my file is clearly signed, but Windows (8.1) still doesn’t like it, throwing up the scary “Unknown Publisher” warning.

Trying to gather all the clues I can, here is the “Digital Signatures” tab of the file properties:

Clicking on Details brings up this window:

And if I click the Details button on the first tab of that, it brings up info on the certificate:


So. Any idea what it is that Windows doesn’t like about it? It can’t find the issuer of the certificate — really? It can’t find Apple?

I’ve seen some suggestions that Apple’s root certificate is not normally installed on Windows machines. But surely it’s no less well-known than the apparently dozens of other certificate authorities out there? What does Apple use to sign its own Windows apps (e.g. iTunes)?

Or am I barking up the completely wrong tree here?

All right, a friend (who uses Windows far more than I do) explained that Microsoft has only certain CAs installed by default. And, sadly, Apple is not among these.

So now I’ve shelled out another $85, and have started the process to convince Comodo that I am a real person (or rather, that my business is a real business). Unfortunate but necessary, I guess.

All right, a week and $100 later, I have a shiny new Comodo certificate, which I’ve used to sign my app.

And… I still get a scary warning:

It’s a little different, at least; instead of saying “unknown publisher” it just says it’s “an unrecognized app.” If I click “More Info” and then the “Run Anyway” button that appears, the app does launch. (You can see some of the digital signature info in the background of the above screenshot; it looks pretty much like it did before, except with COMODO instead of Apple.)

Is all this expected? Will users know what to do with this “Windows protected your PC” alert?

It’s quite usual that the dialog sometimes appears… I don’t think any of the users will get caught off guard by this. Basically, how it works is that it does that for unrecognized apps, and once your application gets enough “reputation” it will stop appearing. You can also force it to get a good reputation by running WACK and uploading the result to the Microsoft website. You can read more here:

1 Like

OK, I promised to write up my experience when I got this working, and I finally did: Code Signing & Packaging Windows Apps on a Mac.

3 Likes

Thank you :)

1 Like