My Code Signing Certificate is up for renewal in April. I’ve just learnt the price has gone up from $135AUD to $385AUD. I’m going to need some help achieving this. If you value my products at all and have debated a donation, now is the time. Basically when the current certificate expires, the next release will have to wait until the funds are available.
Here you can get one for 203 USD. So it's 315 AUD.
At least a bit cheaper. I will donate to help
In the four weeks since I typed this, the price has gone up to $465AUD. I can see why most small time developers no longer bother with certificates.
Yeah. As long as you don't develop a driver, there is no need to sign the files.
Hello Glenn, appreciate your work.
Have you considered using something like Signpath, which offers free code signing certificates for open source projects?
@glenn
I had recently the same issue than you and after hours of searching, I've opted for HARICA signed certificates.
See https://harica.gr/en/Products/Code-Signing
I have my self-owned company so I've purchased a 4-year valid Extended Validation Code Signing cert for 740 Euros hence 185 Euros per year (with 2 certificates, I will get the 2nd one in 2 years - because no Root CA delivers certificates valid for more than 3 years).
Don't forget to request VAT refund if you are eligible as international customer.
Of course IV (individual) or OV code signing certificates are also available as a cheaper alternative (starting from 50 euros per year).
What convinced me is that HARICA is the public Hellenic Academic & Research Institutions Certification Authority, so it's a government-owned CA, and the only Root CA in Greece. It participates in all major Global ROOT CA Trust Programs, and operates as a "Trust Anchor" in widely used Application Software and Operating Systems, like Windows 10 where you can see the HARICA ROOT CA in the list of Windows trusted Root Certs for code signing.
HARICA is largely cheaper than other American companies for the same EV certificate, even when purchasing through resellers offering discounts.
In addition, after purchase, I had several exchanges with the HARICA technical support and I found them very reactive and technically competent (you can even discuss with them by phone during their Greek academic hours).
The USB key which hosts the private key is using a French Thales software (SafeNet Authentication Client).
I've received this key in a few days in express international mail.
HARICA sells various levels of code signing certificates (IV, OV and EV) so you can choose according to your budget.
But of course like for any other CA, only EV code signing should allow "instant" Microsoft SmartScreen reputation.
However I don't think you are necessarily seeking for such instant reputation, so an IV or OV cert should be sufficient.