This is part 2 of dealing with Microsoft’s SmartScreen Filter. You can find the first part here.
I figured the best way to deal with SmartScreen filter was to get Mini-Compressor Windows 7 certified. Windows 8 had just been released but I figured if I could get Windows 7 certified upgrading to Windows 8 certification shouldn’t be a problem. At the time I had not tested Mini-Compressor on Windows 8 but I had done lots of testing on Windows 7.
I found the Windows 7 certification site at:
I logged in with a Microsoft account and was then told I need to create a company account. To do that I need a code signing certificate. I knew I would eventually need a code signing certificate but didn’t think I would need one so quickly in the process. I clicked the link to code signing certificate from VeriSign for $99.
Once on the Symantic site I was prompted for some information and to link my Windows Live ID:
An e-mail is then sent to you to confirm your e-mail address. Follow the directions in the e-mail.
I was then prompted for the type of certificate I wanted. I chose Microsoft Authenticode.
Then I had to pick validity period and a couple of other options. I had to choose one year because I was getting the special Microsoft discount. I also choose to Enable Auto CSR Generation. This lets your browser generate the keys for your certificate rather than using a third party tool.
Then the code signing certificate is generated.
Now that the keys are generated I need to enter some information about Saturday Morning Productions, contact info, and finally some billing information.
Finally you get an order summary.
The certificate is ready but Symantec won’t give it to me until they verify that I’m actually Saturday Morning Productions. They did this by e-mailing me and requesting documents. In my case they asked for business registration documents which I provided them. Unfortunately the phone number on my business registration documents was out of date.
They asked for a phone bill with my company phone number. That turned out to be a problem as well because my phone bill, for some reason, only had my personal name on it, not Saturday Morning Productions. As a last resort I got a notary letter. Luckily we know someone who is an excellent real estate lawyer.
This process took a week or two. Thankfully the people at Symantec where polite and patient during the whole process
Once they accepted my notary letter I was prompted to pick-up my certificate. It is important that you use the same computer that generated the certificate to download the certificate. Once you have downloaded the certificate you can transfer it to another computer.
To confirm that you have the certificate open up Internet Explorer and then open the options dialog. Then click the Content tab and then click the Certificates button. You should see your new certificate in the Personal tab.
To export the certificate so we can get it on our build machine you need to, unsurprisingly, click the export button. Then follow the steps in the wizard. In my case I left all the defaults as this was my first time. After I was sure the export worked I went back and removed the key.
Make sure you enter a good password and don’t lose/forget the password.
Finally choose where to save your key. Choose a safe location that is backed up and hopefully encrypted.
You know you have a valid code signing certificate when you can use it to sign installers and executables. I’ll detail how to actually sign stuff in another post.