Notepad++ v8.8.3 Release Candidate
-
@donho said in Notepad++ v8.8.3 Release Candidate:
Only the the valid dates (to XXXXX) are different.
To avoid users’ confusion, I did a new root certificate and a new code signing certificate and signed the release again:
?, the shown “to XXXXX” remains different as before:
last root-cert: Valid from 7/9/2025 to 7/9/
2055
cert in signed RC5 binary: Valid from 7/9/2025 to 7/9/2028Root-certs usually have longer expiration date, I don’t see a problem with it.
-
@xomx said in Notepad++ v8.8.3 Release Candidate:
Root-certs usually have longer expiration date, I don’t see a problem with it.
The point is on “Issued to” & “Issued by”: the information should be difference between 2 certificates.
It’s more clear in RC5 for users:Root certificate: (Self-signed root certificate)
Code signing certificate (Code signing certicate issued by Self-signed root certificate)
-
@donho said in Notepad++ v8.8.3 Release Candidate:
The point is on “Issued to” & “Issued by”: the information should be difference between 2 certificates.
Ah, now I see it, thanks.
The important is, you left the code-signing one “Issued to” to be the
Notepad++, so the possible future UAC pop-ups can say “Notepad++” as the “Verified publisher” (with the N++ cert in the Trusted Root CA) as it was before, right? -
With the newest certificates and RC5, what I see is
- Notepad++ Root Certificate
- General
- Issued To: Notepad++ Root Certificate
- Issued By: Notepad++ Root Certificate
- Valid from 7/8/2025 to 7/8/2055
- Details
- Thumbprint =
c80539ff7076d22e73a01f164108dafbf06e45e4
- Thumbprint =
- General
And on the signing certificate with the RC5 binary, I see:
- Notepad++
- General
- Issued To: Notepad++
- Issued By: Notepad++ Root Certificate
- Valid from 7/8/2025 to 7/8/2028
- Details
- Thumbprint =
7f517e235584afc146f6d3b44cd34c6cc36a3ab2
- Thumbprint =
- General
The dates are presumably different because of timezone differences, since early morning 7/9 in France was still 7/8 on the Western timezone in USA.
@donho, Please confirm whether these are the correct Thumbprints, according to your records.
- Notepad++ Root Certificate
-
The important is, you left the code-signing one “Issued to” to be the Notepad++, so the possible future UAC pop-ups can say “Notepad++” as the “Verified publisher” (with the N++ cert in the Trusted Root CA) as it was before, right?
Yes, exactly - if the root certificate is installed on users’ machine.
I confirm the above information.
BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crtYou might consider to include Notepad++ root certificate (nppRoot.crt) in npp-user-manual.org and also the following information:
Name: Notepad++ Root Certificate
Serial Number: 7A137FBEA48E8D469D2B43D49EBBCB21
Thumbprint: C80539FF7076D22E73A01F164108DAFBF06E45E4
SHA256: 443B4543C3A682804540849793556FFD3A6CE5D4721C9ADFDA6450223DDD54D7
Created: 2025-07-09
Expires: 2055-07-09so users could have 3 sources to download the root certificate and do the croiss-verification.
It’s totally up to you. But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page. -
@donho said in Notepad++ v8.8.3 Release Candidate:
BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt@donho nppRoot.crt is not found at that location
-
@PGomersall said in Notepad++ v8.8.3 Release Candidate:
nppRoot.crt is not found at that location
I think you missed two of Don’s words from his sentence: “the root certificate will be available” – “will be” implies future tense, so not yet.
–
update: an hour later, that file does exist at https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt … so no more waiting -
D donho unpinned this topic on
-
@donho said in Notepad++ v8.8.3 Release Candidate:
But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page.
Sorry if I wasn’t fast enough for the Release Notes…
-
@PeterJones said in Notepad++ v8.8.3 Release Candidate:
Considering @donho said above, “BTW, I should make https work, I know - it’s on my TODO list.”, I can confidentally conclude that the goal is to get it renewed. ;-)
FYI,
It’s done with let’s Encrypt:
https://download.notepad-plus-plus.org/repository/ -
@donho VirusTotal is flagging v8.8.3 with the following:
Is this a concern or a false positive?
Thanks.
-
@Ben-H
False positive.
Because if I put malware into Notepad++, I would not tell you. -
@donho
Thanks. Is there a way to check with BKav Pro security vendor to see why it is a false positive? We just needed some explanation or confirmation that we are in the clear in order to satisfy the audit requirement by our company. Appreciate the Notepad++ team as always. -
@Ben-H I have just written to BKAV customer services and asked them to disable the false positive. I’ve had a good experience with this company and I’m sure it will disappear soon.
-
@datatraveller1
Great. Thanks much! -
This post is deleted! -
@Ben-H The BKAV Pro False Positive has been fixed, everything is green now.
-
@datatraveller1
Awesome. You are the best!
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login