Code signing certificates work by building reputation with Microsoft by having users download and install programs even in the face of potential warnings. (Premium) EV certificates are supposed to work without being blocked immediately, or at least come with an enhanced reputation out-of-the-box. This works because EV certificate purchasers need to be a legally registered company, with providers like IdenTrust going through an enhanced process to verify that the buyer is actually who they say they are. Microsoft then trusts that EV certificates signed by folks like IdenTrust are valid.
After going back and forth with IdenTrust support for a few days, they finally admitted that their TrustID EV CA 4 certificate isn't actually trusted by Microsoft and that they have no idea if or when this will be trusted. This means there's no way that the certificates they're selling can possibly have any enhanced reputation. It also appears that IdenTrust has been selling these non-functional certificates for about $250 each since at least Feb 2022.
IdenTrust has refused to provide a refund for my purchase, citing their "strict refund policy" -- for a product they acknowledge doesn't actually work and technically can't work (at least until Microsoft trusts them).
I've reported this to Microsoft here:
...and I've also reported this to the Microsoft Legal Compliance team. I assume that key network security companies, as IdenTrust/HS Global claim to be, should be more trustworthy than this (especially when "Trust" is in their name). A company that's willing to sell a non-functional product might also be willing to cut other corners, or worse.
A refund would be nice, but I'd really like IdenTrust to cease all sales and marketing efforts around EV Code Signing Certificates, at least until they are actually trusted by Microsoft.