Transitioning from EV Certificate to Azure Trusted Signing: publisherName and trust Issues

[alexfr26]

• Electron-Builder Version: 26.0.0-alpha.6

• Node Version: 20.11

• Electron Version: 22.3.27 (tested on v.31+ as well)
• Electron Type (current, beta, nightly): current

• Electron-Updater Version: 4.3.5

• Target: win (NSIS)

Hi! We’re transitioning from an EV certificate to Azure Trusted Signing for signing our Electron app. In our electron-builder config, the publisherName field was set as follows based on the EV certificate:

"publisherName": [
  "Organization Name LLC"
]

In the new Azure certificate, the organization name is in uppercase (ORGANIZATION NAME LLC). My questions are:

1. Should the publisherName field be updated to include both formats to ensure compatibility with the new certificate during updates?

"publisherName": [
  "ORGANIZATION NAME LLC",
  "Organization Name LLC"
]

2. Currently, during the app update process, the system doesn’t trust the app signed with the Azure certificate. This seems to be due to a lack of reputation for the new certificate (e.g., issues with SmartScreen or Windows Firewall blocking updates). What’s the best way to address this issue and establish trust for the Azure certificate?

3. Is it better to:

• First release an update signed with the current EV certificate, including the updated publisherName field, and then switch to the Azure certificate in subsequent updates?
• Or is there a way to implement dual signing in electron-builder to sign with both certificates (EV and Azure) simultaneously for a smoother transition?

Any guidance on how to ensure a seamless transition, maintain trust during updates, and avoid issues with publisher verification or auto-update would be greatly appreciated!