[Solved?] Problem with latest Setups / GSA Products

SvenSven www.GSA-Online.de
edited June 24 in Other / Off Topic

When downloading any of our GSA Products, you might see the following Popup from Windows:



Let me explain what happened:


Nowadays you need to sign every executable to not get a "Yellow Warning" popup from Windows when trying to execute a setup or file that wants admin rights. So for many years now it is a common behavior for developers to buy a certificate and sign your setups.

Buying such a normal "code signing" certificate is usually for one year and costs around 100 USD. The verification procedure is always a pain and they call you up (usually big call centers from India, not calling in your time zone) to verify your identity.
Having a certificate ordered before doesn't mean you can skip such verification process on the next year. OK you get me, it's a pain for years but I got used to it.

However, lately Microsoft thought that now with the spying Windows 10, where all is sent to MS-Headquarter in background..."Why not judging how safe a certificate is by counting the amount of installations by that signed setup?". A new certificate each year means to collect as many installations by that new certificate as possible to get it approved.
Large companies didn't like that idea and soon a new type of EV certificate was advertised. Of course a lot more expensive and offering INSTANT approval by MS.

As we had problems this year with getting our new normal certificate approved, we where forced to buy this EV certificate and refunded the previous normal one.
In the end we had the currently used certificate being blocked and the new one is not delivered. I don't know when this will happen as they are shipping it by post (not in office either due to COVID19).
And now...You get this "red warning" popup box whenever trying to execute our setups. Im sorry, but this is not our fault at all...it's MS and the certification industry that squeezes out all money it can from small developers as us.

The comodo (now owned by sectigo.com) support is a mess. They reply by emails/support queries not at all or days if not weeks later. An on and off with agreements to sign, missing or incorrect data and papers where you are suppose to write a long company name in a 10 letter space.

Im soooo frustrated about this and seems Im not alone.

Anyway, here is a quick solution:

DISABLE SmartScreen which is responsible for these popups by running C:\Windows\System32\SmartScreenSettings.exe

Im sorry but right now it's the only way I guess.

Comments

  • Sven, we are with you! Should it be Yellow warning or Red, or All kind of color warning, we don't care!
    Thanked by 1Sven
  • SvenSven www.GSA-Online.de
    UPDATE 25th June
    They have finally approved the EV certificate and are now shipping it to us via UPS. Fingers crossed that we will soon be able to release updates again.
  • BDSBDS India
    KYRIAKOS said:
    Sven, we are with you! Should it be Yellow warning or Red, or All kind of color warning, we don't care!
    I agree, I ignore such warnings
  • SvenSven www.GSA-Online.de
    edited June 30
    UPDATE 30th June
    The etoken arrived but is unusable. The password does not match and I am again in a waiting loop for there support. One good advise: NEVER order anything at comodo or sectigo.com! Lesson learned!
  • SvenSven www.GSA-Online.de
    edited July 3
    Update 1st July
    I have now issued a refund (last day in 30day time period I can do this) and will use another provider. I really advise anyone to NOT order from comodo or sectigo. If only I would have read on TrustPilot before.

    So lets see what else we have...ssl.com is my next try for a good and reliable EV certificate WITH Support.
  • DeeeeeeeeDeeeeeeee the Americas
    I was unaware of any of this. Very interesting.  Annoying warnings! :(
    It sucks that GSA has to deal with this nonsense...
    Sven, I hope that you can find a solution soon.
    What a waste of time.
  • SvenSven www.GSA-Online.de
    Update 8th July
    Another week passed and Im waiting for ssl.com to verify and deliver the certificate. The whole certification industry seems to be a mess really. What can be so difficult in verifying that we are a legit business!? There are directories and gov-sites to do the research online. Just a few clicks and it's done.
    Anyway, we are awaiting there call back now...awaiting that for 3 days now as I was promised to have that on Monday. Nothing for now.
Sign In or Register to comment.