How to be a verified publisher?

Frank picture Frank · Apr 18, 2010 · Viewed 21.6k times · Source

I wrote an app and I want to sell it online, so I uploaded it to my website and tried to download and run it as a test, but a window appeared, it said : "The publisher could not be verified. Are you sure you want to run this software ?", and it also said : "Publisher : Unknown Publisher". It's actually a self-signed Java jar file wrapped into an exe file, I self-signed it with Netbeans6.7.

I wonder what should I do to be a "known" publisher ?

Frank

Answer

josh3736 picture josh3736 · Apr 18, 2010

You'll need to sign the EXE with a code signing certificate from a trusted root certification authority.

http://www.thawte.com/code-signing/

https://www.verisign.com/code-signing/

You'll find more CAs with a simple Google search.

Keep in mind, even though this is a Java JAR, the dialog you're seeing is from Windows complaining about the EXE being unsigned. You'll need a MS Authenticode signing certificate to sign the EXE. I'm not too familiar with Java, so you may or may not need a certificate to sign the JAR as well. (Note a self-signed certificate will never be recognized as fully Trusted and Valid on any computer other than your own.)