xxxxx@gmail.com wrote:
Keep in mind that you do not need to use your EV certificate
for signing, you just need an EV certificate and the non-EV
certificate you sign with registered through the Microsoft portal.See the following for Microsoft’s statement when they dropped
this requirement:
Does anyone happen to have a current confirmation of “yes, the
Microsoft Windows Dev Center is currently allowing me to do this.”
Meaning, you have the EV certificate(s) you were required to associate
or create your SysDev / Windows Dev Center account with. But then you
also have a non-EV code signing certificate registered to the account.
And to actually upload Windows 10 attested signing submissions, you
need only sign your .CAB with the non-EV certificate, as per the
October 2016 blog post.
We have been simply “signing everything” with the EV certificate, but
one of our product teams is now in the position where “sign with just
the non-EV certificate” would aid their signing workflow. But even
though we were able to successfully upload and associate the non-EV
certificate with our Windows Dev Center account, the upload of actual
signing submissions seem to be rejected with an EV-specific signature
check message.
Wondering if that’s probably us still doing something wrong because
its working for others here; or whether Microsoft reversed their
reversal on having an EV check for submissions; or maybe the blog post
only applied to .HCK/.HLK submissions and not attested signing; etc.
Thanks.
Alan Adams
Client for Open Enterprise Server
Micro Focus
xxxxx@microfocus.com