IE warns even if the plugin is signed with an official certificate

[heinob]

Hi,

I have signed my plugin (MSI) with an offical code signing certficate from SwissSign (https://swisssign.com/en). Chrome and FireFox seem to accept the signing: They do not warn the user anymor since then. But IE10 still sais things like: "...is seldom downloaded and may harm your computer..." and I have to insist on starting it, to get it installed. Also, IE does not show the certificate or my company name, like Chrome and FF do.

Is this the expected behaviour or is there something wrong with my certificate? What can I do that also IE likes my plugin?

Best,

Jochen

[Gaurav Raj]

This is not a firebreath problem. Rather its the certificate issue problem. Contact your code signing certificate provider about this problem. I signed my plugin using Thawte code signing certificate and it works fine in all browsers.

--
 
---
You received this message because you are subscribed to the Google Groups "firebreath-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebreath-de...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
Gaurav Raj

[heinob]

Why firebreath? As I said I have the problems with IE10. Does your MSI work also in IE10?

[Gaurav]

I'm presently working in Windows 8 with IE10. My msi shows no such error or warning as u mentioned.

[Neil Griffiths]

http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx
http://blogs.msdn.com/b/ie/archive/2012/08/14/microsoft-smartscreen-amp-extended-validation-ev-code-signing-certificates.aspx
http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/a252672b-c72a-4d98-a3c0-5929fdc446a2

This is an issue with SmartScreen and affects every download of every installer and executable through IE9 and 10. So yes, it's "expected" behaviour - according to Microsoft at any rate. You can make it better by using an EV code-signing certificate - but the only way this goes away is if lots of people download your app through IE.

Good, eh? ;-)

[John Tan]

I remember reading from somewhere that IE can be picky on the cert issuer. Safest is to use VeriSign.

[heinob]

Finally I found the solution. When I download the plugin from our https website, which has an EV certificate, all IE warnings are gone. It not only seems to matter what your are downloading and installing but also from where your are doing this. In my first attempts I downloaded the signed MSI from a "normal" http site, which seemed to offend IE.