Signing the Launcher with a Certificate
Running the PatchKit Launcher on a Windows PC may result in the following message on Windows PC:
This message usually means exactly what it says - the Microsoft Defender SmartScreen does not know this application, and it prevents it from running. It can be easily ignored by clicking on the
More info link and then
Run anyway button, but it’s highly counterintuitive for the average user and may create a lot of support queries to the publisher.
One way to prevent it from happening is to sign the Launcher with a code signing certificate. A signature raises the trust score of the application and usually gets rid of the above message.
Obtaining the Certificate
A code signing certificate needs to be purchased. There are only a handful of certificate providers, some of them are listed on this Microsoft Documentation Page.
There are two types of certificates in general:
- Standard Validation (SV)
- Extended Validation (EV)
The difference (except the price) is the level of validation. While SV certificate should get rid of the Windows SmartScreen warning message, an EV will raise your trust score even more. Unfortunately, we can’t tell in which cases Windows SmartScreen can display its dialog message even if the application is signed with an SV certificate.
Signing the Binaries
There are two to three files that you will need to sign:
- Your application’s executable
The actual signing process is described in detail on Comodo Code Signing page - The Six Steps of Code Signing. Make sure to read it carefully.
To sign the Patcher.exe, you will need to either use our default binaries or make a custom build. Our provided binaries can be easily extracted from the
patcher directory after the first run. When signed, upload your custom launcher to the panel - Customizing Unity-based single-launcher.
The launcher.exe needs to be signed only once, but it cannot be re-uploaded. Ensure that you share your signed binary with your users by hosting it in a place that can be reached.
Code signing on OSX
The unsigned application problem is pretty similar to the one on Windows, but it’s a little harder to start such application. Please reffer to Open a Mac app from an unidentified developer for more details.
It’s easier to sign the application on OSX than on Windows, since all you need is a Developer ID. Please reffer to Signing an application on OSX for more details.