Notepad++ v8.8.3 Release Candidate
-
@donho said in Notepad++ v8.8.3 Release Candidate:
Only the the valid dates (to XXXXX) are different.
To avoid users’ confusion, I did a new root certificate and a new code signing certificate and signed the release again:
?, the shown “to XXXXX” remains different as before:
last root-cert: Valid from 7/9/2025 to 7/9/
2055
cert in signed RC5 binary: Valid from 7/9/2025 to 7/9/2028Root-certs usually have longer expiration date, I don’t see a problem with it.
-
@xomx said in Notepad++ v8.8.3 Release Candidate:
Root-certs usually have longer expiration date, I don’t see a problem with it.
The point is on “Issued to” & “Issued by”: the information should be difference between 2 certificates.
It’s more clear in RC5 for users:Root certificate: (Self-signed root certificate)
Code signing certificate (Code signing certicate issued by Self-signed root certificate)
-
@donho said in Notepad++ v8.8.3 Release Candidate:
The point is on “Issued to” & “Issued by”: the information should be difference between 2 certificates.
Ah, now I see it, thanks.
The important is, you left the code-signing one “Issued to” to be the
Notepad++, so the possible future UAC pop-ups can say “Notepad++” as the “Verified publisher” (with the N++ cert in the Trusted Root CA) as it was before, right? -
With the newest certificates and RC5, what I see is
- Notepad++ Root Certificate
- General
- Issued To: Notepad++ Root Certificate
- Issued By: Notepad++ Root Certificate
- Valid from 7/8/2025 to 7/8/2055
- Details
- Thumbprint =
c80539ff7076d22e73a01f164108dafbf06e45e4
- Thumbprint =
- General
And on the signing certificate with the RC5 binary, I see:
- Notepad++
- General
- Issued To: Notepad++
- Issued By: Notepad++ Root Certificate
- Valid from 7/8/2025 to 7/8/2028
- Details
- Thumbprint =
7f517e235584afc146f6d3b44cd34c6cc36a3ab2
- Thumbprint =
- General
The dates are presumably different because of timezone differences, since early morning 7/9 in France was still 7/8 on the Western timezone in USA.
@donho, Please confirm whether these are the correct Thumbprints, according to your records.
- Notepad++ Root Certificate
-
The important is, you left the code-signing one “Issued to” to be the Notepad++, so the possible future UAC pop-ups can say “Notepad++” as the “Verified publisher” (with the N++ cert in the Trusted Root CA) as it was before, right?
Yes, exactly - if the root certificate is installed on users’ machine.
I confirm the above information.
BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crtYou might consider to include Notepad++ root certificate (nppRoot.crt) in npp-user-manual.org and also the following information:
Name: Notepad++ Root Certificate
Serial Number: 7A137FBEA48E8D469D2B43D49EBBCB21
Thumbprint: C80539FF7076D22E73A01F164108DAFBF06E45E4
SHA256: 443B4543C3A682804540849793556FFD3A6CE5D4721C9ADFDA6450223DDD54D7
Created: 2025-07-09
Expires: 2055-07-09so users could have 3 sources to download the root certificate and do the croiss-verification.
It’s totally up to you. But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page. -
@donho said in Notepad++ v8.8.3 Release Candidate:
BTW, the root certificate will be available in GitHub repository as well:
https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt@donho nppRoot.crt is not found at that location
-
@PGomersall said in Notepad++ v8.8.3 Release Candidate:
nppRoot.crt is not found at that location
I think you missed two of Don’s words from his sentence: “the root certificate will be available” – “will be” implies future tense, so not yet.
–
update: an hour later, that file does exist at https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/nppRoot.crt … so no more waiting -
D donho unpinned this topic on
-
@donho said in Notepad++ v8.8.3 Release Candidate:
But if you do, please provide me the URL of nppRoot.crt - I will include it into my release note & Ressources page.
Sorry if I wasn’t fast enough for the Release Notes…
-
@PeterJones said in Notepad++ v8.8.3 Release Candidate:
Considering @donho said above, “BTW, I should make https work, I know - it’s on my TODO list.”, I can confidentally conclude that the goal is to get it renewed. ;-)
FYI,
It’s done with let’s Encrypt:
https://download.notepad-plus-plus.org/repository/ -
@donho VirusTotal is flagging v8.8.3 with the following:
Is this a concern or a false positive?
Thanks.
-
@Ben-H
False positive.
Because if I put malware into Notepad++, I would not tell you. -
@donho
Thanks. Is there a way to check with BKav Pro security vendor to see why it is a false positive? We just needed some explanation or confirmation that we are in the clear in order to satisfy the audit requirement by our company. Appreciate the Notepad++ team as always. -
@Ben-H I have just written to BKAV customer services and asked them to disable the false positive. I’ve had a good experience with this company and I’m sure it will disappear soon.
-
@datatraveller1
Great. Thanks much! -
This post is deleted!
