I finally got my code signing certificate! (That's why there is a Windows zip file with today's upload date - it contains a signed .exe. Else, nothing has changed.)
Unfortunately, it doesn't really do much yet. There is just appearing my name in the Windows Defender / Smart Screen warning message now. But you still have to do the two clicks to get it out of the way for the time being :(
This warning message can be removed only when you have earned "reputation". It just seems like nobody really knows what that means and Microsoft doesn't tell us. It looks like you need to have your program executed on a few thousand PCs or so. But google gave mixed results. So, let's hope that's not the case, otherwise it will be difficult to reach these numbers with the current amount of downloads per version.
So I payed €85.74 for this for a one-year license, but actually it was 0.05450902 ETH. That was the only good thing with all of this. I could finally use my own mined ETH in a useful way! :D
If only the process of getting the certificate wouldn't have been so horrible. Let's recollect it step-by-step:
- I signed up on SSLDragon (found through google)
- They redirected me to sign up with Sectigo (the company who actually issues the certificate) with Internet Explorer (!)
- Then I had to create a ticket with SSLDragon to tell them what name I used for the Sectigo sign up
- Now I got two mails, one from SSLDragon, that I signed up successfully, and one from Sectigo that they couldn't verify my address. There was a small typing error in the city name. It must have been introduced by SSLDragon. But I could not prove it afterwards.
- So I had to submit the correct address with the Sectigo ticket system.
- After this was verified, I could upload my ID and a photo holding it. But erroneously through the Sectigo ticket system. Wrong system!
- I uploaded again the pictures through yet another system by Sectigo called "validation manager" - great!
- After another couple of days, I got a message that I had to redo the photo, because the ID should show the front side (I read somewhere that it should show the address in the photo (which is on the back side), but ok - maybe I got it from the SSLDragon website. They have incorrect info in there FAQs about the validation process!)
- Finally I could create the certificate with Internet Explorer.
Horrible experience! And if the warning message doesn't even go away in the end, it would have been quite a waste of time. I hope we can build the necessary reputation.
The only alternative is to get a so called "Extended Validation Certificate" which requires much more money and has a more complicated verification and issuing process. Seems a bit excessive for a simple game.
In any case, I cannot recommend SSLDragon, at least not for Code Signing. Their website can be misleading/confusing and just has straight up wrong info sometimes. Is this the price you have to pay to be able to pay with crypto? :D