New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cheapest Certificate for Code Signing
trycatchthis
Member
in Help
So apparently they are at least 6 types of SSL certificates for websites:
Extended Validation SSL
Domain Validated SSL
Organization Validated SSL
Wildcard SSL
Multi-Domain SSL
Unified Communications SSL
And none of these can work for code signing.
Anyone aware of the cheapest code signing certificate you can get?
Comments
https://sigstore.dev/ is free
If it's a commercial project, I would recommend DigiCert certificates. It also depends on what code you want to sign with it. If these are any drivers, remember to buy the more expensive version (EV).
I used to use DigiCert certs for the Yarn installer, but they got very expensive at some point. They used to be around $170/year but now they're $499/year and that's not even the EV version!
Ksoftware is good: https://www.ksoftware.net/code-signing-certificates/. $69/year if you get a three year cert. They use Sectigo (formerly Comodo) and all the verification is done directly through Sectigo. https://classic.yarnpkg.com/latest.msi is signed with one of their certs.
@Daniel15 How is the compatibility? As a few years ago I tried to use a certificate other than DigiCert, it looked very poor.
Like: DigiCert EV > nothing > other providers EV
I haven't had any issues and it works just as well as the DigiCert certificate did. Sectigo is huge and Microsoft link to them in their driver developer docs for code signing (eg. see https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate) so I wouldn't imagine any difficulties.
Even if you buy through a reseller, the certificate will be exactly the same as if you bought it directly through Sectigo. All the management is directly through Sectigo's site rather than through the reseller.
The "Comodo" name was so much cooler 😎
Yeah... it conjures up images of Komodo dragons. It looks like they're using the Comodo name for their other stuff (security software, etc) and only renamed their ComodoCA subsidiary.
Yeah, but tarnished by the shittyness of trying to muscle in on Let's Encrypt trademarks (https://en.wikipedia.org/wiki/Comodo_Cybersecurity#Let's_Encrypt_trademark_registration_application). I don't care what they are calling themselves I'll never be using them and their sibling companies after that.
If this actually available to use today or do you have to wait later in the year?
Wow... I didn't hear about that. That's pretty bad.
It's hard though, because only a few companies are authorized by Microsoft to sell Authenticode certificates.
@trycatchthis Like the SSL certificates types you've mentioned, code signing certificates available in the market, like OV Code Signing (For Organisations), Individual Code Signing(For Individual Developers), and EV Code Signing(For Large Software Organisations)
[spam/shill text]
Mod edit (angstrom): removed
Actually, to me it conjures up images of a commode.
GoGetSSL offers code signing certificates.
https://www.gogetssl.com/code-signing-ssl/
Yes, Ksoftware is good but I found another code signing certificate provider named SignMyCode and they offered Code Signing Certificates at $39.99 per year. check it - https://signmycode.com/code-signing-certificates