| Comments

Thawte logoAnd the offers keep coming in!  Another one of our key partners for testing XAP signing for trusted applications was Thawte.  Their group helped provide us with valid certificates to verify their process and signing worked as expected (and verified) for Silverlight 4.  Today I just got an email from their marketing department that they would like to offer Silverlight developers a discount on Thawte code-signing certificates to $89 for a 1-year…about 70% off their current rate.  That’s pretty amazing of them to do.

Here’s their terms and details on how to get it…


  • For developers of XAP code for Microsoft Silverlight 4
  • Get a single-year code signing certificate for US $89 (over 70% off), or a two-year code signing certificate for US $178 (over 67% off)
  • For new Microsoft Authenticode code signing certificates or renewal of existing Microsoft Authenticode certificates
  • Enter promotional code MSSILVER when prompted during certificate enrollment/renewal
  • Offer expires 01-June-2010, so chop-chop!

How to get the certificate

  • Have your enrollment information and credit card ready, and go to http://www.thawte.com/code-signing
  • In the Thawte Code Signing Certificate for Microsoft Authenticode section, select the certificate term desired (1 year or 2 years), then click either Buy or Renew.
  • This will launch Thawte Certificate Center, where customers enroll for and manage their SSL and code signing certificates.
  • The first page will confirm your choice of code type and certificate validity period.
  • At the bottom of the page, enter the promotional code MSSILVER. Click the yellow Continue button to see the updated (lower) price applied in real-time.
  • Simply continue the process to complete the certificate enrollment.
  • The authentication process usually takes about 2 weekdays. Thawte will keep you updated throughout the process.

NOTE: I will say that I recall the Thawte certificate process requiring IE7 or earlier and it did not work well with IE8/Win7.  It actually issued, but there was no way to export the PFX.  Please heed this advice.  Fire up Windows XP Virtual PC like I did and issue the request and use the same machine to pick it up and export.  This is, of course, unless they have indicated they’ve got it working on IE8 now.

Other conditions and stuff to know…

  • Thawte code signing certificates are issued to organizations for a specific type of code, such as (in this case) Microsoft Authenticode which will cover XAP developers. Since the certificate is issued to the organization and not the code, the certificate can be used to sign any instance of that type of code generated by the organization, over the entire lifespan of the certificate.
  • Thawte code signing certificates follow an authentication process which is very similar to the organization authentication process for Thawte SSL Web Server Certificates, which usually takes about 2 weekdays. Because the organization authentication process is so similar, customers who already have at least one active Thawte SSL certificate will save time, as their organization has already been authenticated.
  • To confirm eligibility for the offer, Thawte’s sales or authentication representatives may require verification that the customer is developing XAP code for Silverlight.

Before you start laying on the comments below, yes we all know there are a multitude of ways to get these certificates.  Thawte reached out to me to ensure that Silverlight developers are aware they can get this promotional discount as well.  If you are an existing Thawte customer you can renew your certificate as indicated in the terms above.  If you have questions, please contact their customer service area.

For more information on XAP signing and the reasons/benefits see these posts:

Thanks to Thawte for extending this promotion!

| Comments

One of the new features in Silverlight 4 is the ability to sign your XAP applications so that your out-of-browser trusted applications look more friendly (trusted) to your users, they come from a verified publisher, and they can take advantage of the auto-update APIs in Silverlight.

If you don’t know what I’m talking about, here’s some resources for some background:

Basically if you are writing a Silverlight 4 trusted application, you WANT to be signing your XAPs.  The XAP sign process uses the normal Authenticode process for code signing. 

Thanks to our friends at GoDaddy, they want you to sign your apps as well and have them delivered from a verified publisher!  They are providing Silverlight developers a 50% discount on their code signing certificates for XAP signing!  If you don’t have a code signing certificate, now is the time!

To participate in this offer, be prepared to have all your information ready.  Certificates are issued to individuals/organizations.  It is much more of a verification process than something like an SSL web certificate.  In fact, the process actually involves human interaction!  You will be required to verify your information on your submission and perhaps be required to provide documentation of verification (if you are an organization readily found on the web, this usually isn’t a problem).  Follow the steps carefully and specifically.  I also recommend using Internet Explorer to go through the process to be safe.  Additionally, you will only be able to pick up your certificate from the machine you requested it on…so don’t pave that machine until you get it :-).

To take advantage of this offer, visit the GoDaddy code signing area and start the process.  You can choose a 1- or 2-year code signing certificate to apply this discount (might as well go for the 2 years so you maximize the discount).  Add the code signing certificate to your shopping cart then add this discount code in the promocode area: MSSILVER.  This will apply the 50% (of regular rates) to the 1- or 2-year code signing certs in your basket. 

Then complete your purchase.  Once complete you’ll receive email instructions on how to redeem the credit you purchased and start the verification process.  Be patient…this is not a 5-minute process.  In fact, in some cases it might take a few days to complete the verification process.

This offer is only good from 20-April-2010 until 20-May-2010 and only on 1- or 2-year code signing certificates, so act quick.  This is a great chance to get a well-known certificate authority code signing certificate.  During the order process you will be given the option to choose a Certificate Authority between GoDaddy and Star(something)…I recommend sticking with the GoDaddy CA on this one.

I hope you are able to take advantage of this offer.  This is a certificate that you can use to sign multiple applications…not just one, so it is definitely a worthwhile investment.  Make sure you timestamp your codesigns!!!

Hope this helps!

| Comments

Yet again, we’ve updated the Silverlight Client for Facebook for the Silverlight 4 release version.  In order to use the updated one, you must follow these instructions:

  • First, uninstall the previous version you have.  This can be done in Add/Remove Programs on Windows or by just deleting the app on Mac.
  • Ensure you have Silverlight 4 installed.  If you are using the development tools and have installed Silverlight 4 developer tools, that’s fine.  If you are not a developer, visit http://microsoft.com/getsilverlight to get the latest Silverlight 4 version (4.0.50401.0).
  • After you have Silverlight 4 installed, visit the app page and install it.

You should be good after this! 

So why so many uninstall/re-installs!?  I thought you had an auto-update mechanism!

We do!  With Silverlight 4 trusted applications, the update mechanism requires that your applications be signed in order to use the auto-update APIs.  We wanted to wait until SL4 released in order to provide a signed version (and our internal signing process didn’t allow signing the beta).  Now that we have a signed version, you’ll be prompted when an update has been installed for the app.  For more details on signing your Silverlight applications see:

Hope this helps!