Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App is not trusted on Windows #174

Open
mgkeeley opened this issue Oct 17, 2021 · 2 comments
Open

App is not trusted on Windows #174

mgkeeley opened this issue Oct 17, 2021 · 2 comments

Comments

@mgkeeley
Copy link

When installing the app on Windows, Microsoft Defender SmartScreen warns against installing the app, as the publisher is an "Unknown publisher".

While this can be bypassed, and the app installed anyway, automatic updates don't work due to the following error:

Tockler Update Error
Error: New version 3.20.12 is not signed by the application owner: publisherNames: Developer ID Application: TIMATECH OU (LK9S62EK7N)

This seems to be due to a few reasons linked to using an Apple Developer ID certificate:

  1. The Apple Root CA is not installed in the root certificate store on windows
  2. The Developer ID Certification Authority intermediate certificate isn't installed either (and it's not in the cert bundle)
  3. If these certificates are installed on windows, a further error A certificate contains an unknown extension that is marked 'critical'. prevents validation of the certificate

I found the Apple root and intermediate certificate here: https://www.apple.com/certificateauthority/

This article discusses the problem: https://luminaryapps.com/blog/code-signing-and-packaging-windows-apps-on-a-mac/
It seems that the result is that Apple Developer ID certificates simply can't be used for Windows apps.

  • Is there a possibility of using a different signing certificate for the Windows build?
  • Even though in the app settings, auto update is off, I still get these update notification errors
@MayGo
Copy link
Owner

MayGo commented Oct 17, 2021

Thanks for your feedback.
I haven't used a proper certificate, so I could keep running costs low. I guess it is time to fix that and hope that at some point costs are covered as the userbase grows.
I think I will not add the EV Code Signing certificate, as for that there is no option to auto-build releases in AppVeyor. So will use Code Signing certificate and that means Smartscreen will still give warnings until it is approved (more downloads, means quicker approval - I think), but auto-update should work properly.

I will look into the auto-update toggle problem. Do you know what version are you currently running?

@mgkeeley
Copy link
Author

I think it was 3.19.20; today I upgraded to 3.20.12 and toggled the auto update on and off again. I will see if the auto update occurs again tomorrow and update you.

And yes, code signing certs are unfortunately not free! I think OV certs will be fine for now, thanks for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MayGo @mgkeeley