Alchemy Mindworks

Software that’s distributed over the Internet is traditionally “signed” using a “code signing certificate.” A code signing certificate allows an authority ostensibly worthy of trust to vouch for whoever is distributing the software in question.

At least, that’s how it’s supposed to work.

In reality, signing distributed software with a code signing certificate doesn’t do a lot beyond suppressing the scary messages that some web browsers and / or Windows might display when you download or install software. Absent a signing certificate, you might see a message to the effect that the publisher of the software in question could not be verified. There’s an example below.

Alchemy Mindworks has signed its software with a code signing certificate for the past several decades, as we didn’t want to unsettle users of our products with ominous popups.

Code signing certificates were never inexpensive, but in the summer of 2023 they quadrupled in price… for no detectable reason. They also became manifestly more complex to use, both for software developers like us and in some cases for users of software who want to install downloaded products.

The best that can be said of code signing is that it offers users of signed software a degree of assurance that what they’re installing really came from the publisher who purports to have created it. If you’re downloading Alchemy Mindworks software from the Alchemy Mindworks web site, you can enjoy a substantially greater level of confidence that this is so than a digital certificate would have afforded you.

Nobody gets to upload software to our servers except for us.

In the interest of keeping our costs – and hence our prices – at their lowest possible levels, we’ve decided to forego commercial code signing certificates going forward. If you download and install our software – without having read the rest of this posting – you might see a warning to the effect that the publisher of our software is unknown or couldn’t be verified.

After a suitable period of head-scratching, we’ve created a simple procedure to disable Windows’ myriad warnings for downloaded Alchemy Mindworks software. We hasten to add that this will in no way compromise Windows’ internal security – it’s simply a way to reassure Windows that you trust our software without being prompted to confirm that you really, really, really want to install it every time you download something.

Certificate Installation – Windows 10

If you’re running Windows 11, please scroll down to the next section.

To make all this work, you’ll need to download and install the Alchemy Mindworks trusted certificate by clicking on the foregoing link. Save the resulting ZIP file to wherever you like to keep your downloads.

In the interest of completeness and full transparency, the following description of the certificate installation procedure is somewhat verbose and detailed. It will invariably take you longer to read than to complete – it’s all pretty simple.

Open the ZIP file – or just double-click on it to open it in File Explorer – and then extract and double-click on alchemy_dist.cer. You might see a prompt window like the one to your right asking you which application you want to open the .cer file in.

Choose the Crypto Shell Extensions option and then click on OK.

This window doesn’t always appear, and if you’ve never had cause to get up close and personal with Windows’ certificates, you probably won’t see it.

A Windows Certificate window will open, like the one to your right. Once again, this is something you probably won’t have encountered previously if you haven’t had cause to concern yourself with Windows’ certificates.

Windows’ certificates are seriously weird – if this window is new to you, be smug.

You’ll note that the Certificate window states that “The CA Root certificate is not trusted.” This is nothing to concern yourself with – it means that Windows doesn’t know who we are. You presumably do, or you wouldn’t be reading this.

Note that the certificate was issued to Alchemy Mindworks by Alchemy Mindworks. In a commercial code signing certificate, it would have been issued to Alchemy Mindworks by a certificate authority you’ve almost certainly never heard of, but are expected to trust anyway.

Click on Install Certificate.

A Certificate Import Wizard will appear. It includes a brief explanation of certificates and certificate stores. We recommend reading this only if you find yourself to be in need of sleep. The world of signing certificates could put bricks into a coma.

Click on Next.

The Certificate Import Wizard will present you with a screen to allow you to choose where your new certificate is to be added to Windows’ certificate store. Select Place Certificate in the Following Store and click on the Browse button.

A Select Certificate Store window will open – there’s one illustrated a few paragraphs down. Select the Trusted Root Certificate Authorities option, as shown therein, and click on OK.

You’re essentially telling Windows that you trust us. We have very honest faces.

Your Certificate Import Wizard’s Certificate Store field should now have Trusted Root Certificate Authorities as its destination.

Click on Next to get to the final confirmation screen of the Certificate Import Wizard. Click on Finish to complete the certificate installation into your Windows certificate store. Of course, this being Windows, you’ll probably see one more warning, like the one below. Click on Yes to dismiss it, and you’re done.

With the Alchemy Mindworks trusted certificate installed in your Windows certificate store, you’ll be able to install Alchemy Mindworks software without seeing any scary Windows messages about trusting its publisher… for at least the next ten years.

As a final note, in what we hope is the highly unlikely event that you subsequently decide that you don’t trust us, or that you’d like to remove the Alchemy Mindworks certificate from your Windows store, doing so is even easier than the foregoing installation procedure was.

To remove the Alchemy Mindworks trusted certificate:

1. Type certmgr.msc in the Run field of the Windows Start menu and hit Enter. A Certificate Manager window will open.
2. Select the Trusted Root Certificate Authorities item, usually the second one in this window.
3. Expand the Certificates item within Trusted Root Certificate Authorities.
4. Locate the item Alchemy Mindworks Corp. Right-click on it and select Delete from the menu that appears.

The Alchemy Mindworks certificate will be history.

Please scroll down to the closing section of this posting.

Certificate Installation – Windows 11

Installing a certificate under Windows 11 is substantially easier than it would be under Windows 10, and this version of the instructions for the Alchemy Minworks Trusted Certificate is somewhat shorter as a result.

To make all this work, you’ll need to download and install the Alchemy Mindworks trusted certificate by clicking on the foregoing link. Save the resulting ZIP file to wherever you like to keep your downloads.

In the interest of completeness and full transparency, the following description of the certificate installation procedure is somewhat verbose and detailed. It will invariably take you longer to read than to complete – it’s all pretty simple.

Open the ZIP file – or just double-click on it to open it in File Explorer – and then extract and double-click on alchemy_dist.cer. A certificate window like the one to your right will appear.

Windows’ certificates are seriously weird – if this window is new to you, be smug.

Click on Install Certificate.

You’ll be welcomed to the Certificate Import Wizard – probably without a trumpet fanfare or a complimentary drink, but don’t let this disappoint you. Select the Current User option and click on Next

The second page of the certificate import wizard will appear, looking more or less like the one below.

Select Place Certificate in the Following Store and click on the Browse button.

A Select Certificate Store window will open – there’s one illustrated a few paragraphs down. Select the Trusted Root Certificate Authorities option, as shown therein, and click on OK.

You’re essentially telling Windows that you trust us. We have very honest faces.

Your Certificate Import Wizard’s Certificate Store field should now have Trusted Root Certificate Authorities as its destination.

Click on Next to get to the final confirmation screen of the Certificate Import Wizard. Click on Finish to complete the certificate installation into your Windows certificate store.

You’ll be told that the installation was successful.

With the Alchemy Mindworks trusted certificate installed in your Windows certificate store, you’ll be able to install Alchemy Mindworks software without seeing any scary Windows messages about trusting its publisher… for at least the next ten years.

As a final note, in what we hope is the highly unlikely event that you subsequently decide that you don’t trust us, or that you’d like to remove the Alchemy Mindworks certificate from your Windows store, doing so is even easier than the foregoing installation procedure was.

To remove the Alchemy Mindworks trusted certificate:

1. Type certmgr.msc in the Run field of the Windows Start menu and hit Enter. A Certificate Manager window will open.
2. Select the Trusted Root Certificate Authorities item, usually the second one in this window.
3. Expand the Certificates item within Trusted Root Certificate Authorities.
4. Locate the item Alchemy Mindworks Corp. Right-click on it and select Delete from the menu that appears.

The Alchemy Mindworks certificate will be history.

Trust

We’d like to take this opportunity to thank all the users of Alchemy Mindworks software who’ve undertaken to jump through this additional hoop. It is our sincere hope that the authorities who issue code signing certificates might one day repent of their rapacious pricing and maximally-paranoid security procedures… but we doubt it.

Thanks for trusting us.

Should you have any concerns about our software, the security thereof, any of the details of the procedure explained in this post or the issue of code signing, we invite you to contact us. We’ll be pleased to explain this situation in as much detail as you require, and the message you receive will be signed by a living, breathing Alchemy Mindworks staff member – not a certificate.

(You might also want to disable Windows’ Smart Screen warning windows. Please click on the foregoing link for assistance in doing so.)