Hello all. I've been tasked with finding out what it takes to get our VFP-generated exe signed.
I've found several issuers of certificates, in a wide range of prices, but not a lot of real information.
In particular, what I need to know is:
1. When we purchase a signing certificate, can it be installed on more than one PC, or is it tied to a specific one?
2. Does the certificate allow us to sign our program and every new version of it, or is it tied to the version number?
3. Can the certificate be used for more than one software project, for example if we launch a new app, will the same cert work for it.
4. Once we purchase the cert, how do we integrate code signing with VFP 9?
I know that's a lot of questions, but honestly it seems all the sites want to do is sell you a certificate, without spending any time whatsoever to let you know what the cert is good for or how to use it. Thanks in advance for any help.
Just realize this. We use Refox, so do we sign the actual exe that VFP generates, or the exe generated by Refox? Then the Refox exe gets compiled into Inno Installer, which creates a new exe.
So which of these three exe would we sign??