Code Signing Certif...
 
Notifications
Clear all

Code Signing Certificate

8 Posts
4 Users
3 Reactions
870 Views
Glenn
(@glenn)
Member Admin
Joined: 6 years ago
Posts: 1322
Topic starter  

My Code Signing Certificate is up for renewal in April. I’ve just learnt the price has gone up from $135AUD to $385AUD. I’m going to need some help achieving this. If you value my products at all and have debated a donation, now is the time. Basically when the current certificate expires, the next release will have to wait until the funds are available.


   
Quote
(@0xdeadc0de55)
New Member Registered
Joined: 9 months ago
Posts: 3
 

Here you can get one for 203 USD. So it's 315 AUD.

At least a bit cheaper. I will donate to help


   
Glenn reacted
ReplyQuote
Glenn
(@glenn)
Member Admin
Joined: 6 years ago
Posts: 1322
Topic starter  

In the four weeks since I typed this, the price has gone up to $465AUD.  I can see why most small time developers no longer bother with certificates. 


   
ReplyQuote
(@0xdeadc0de55)
New Member Registered
Joined: 9 months ago
Posts: 3
 

Yeah. As long as you don't develop a driver, there is no need to sign the files.


   
ReplyQuote
Glenn
(@glenn)
Member Admin
Joined: 6 years ago
Posts: 1322
Topic starter  

@0xdeadc0de55 Many would disagree...


   
ReplyQuote
(@apricity)
New Member Registered
Joined: 6 months ago
Posts: 1
 

Hello Glenn, appreciate your work.

Have you considered using something like Signpath, which offers free code signing certificates for open source projects?

https://signpath.org/

https://about.signpath.io/product/open-source


   
ReplyQuote
Glenn
(@glenn)
Member Admin
Joined: 6 years ago
Posts: 1322
Topic starter  

@apricity that would be fine for SDIO which is open source, in fact I'll study that option in the coming days. However, Desktop Info and other such projects are not open source so I'd still have to pay for a certificate for those.


   
apricity reacted
ReplyQuote
(@sdiofr)
New Member Registered
Joined: 6 months ago
Posts: 1
 

@glenn
I had recently the same issue than you and after hours of searching, I've opted for HARICA signed certificates.

See https://harica.gr/en/Products/Code-Signing

I have my self-owned company so I've purchased a 4-year valid Extended Validation Code Signing cert for 740 Euros hence 185 Euros per year (with 2 certificates, I will get the 2nd one in 2 years - because no Root CA delivers certificates valid for more than 3 years).
Don't forget to request VAT refund if you are eligible as international customer.

Of course IV (individual) or OV code signing certificates are also available as a cheaper alternative (starting from 50 euros per year).

What convinced me is that HARICA is the public Hellenic Academic & Research Institutions Certification Authority, so it's a government-owned CA, and the only Root CA in Greece. It participates in all major Global ROOT CA Trust Programs, and operates as a "Trust Anchor" in widely used Application Software and Operating Systems, like Windows 10 where you can see the HARICA ROOT CA in the list of Windows trusted Root Certs for code signing.

HARICA is largely cheaper than other American companies for the same EV certificate, even when purchasing through resellers offering discounts.

In addition, after purchase, I had several exchanges with the HARICA technical support and I found them very reactive and technically competent (you can even discuss with them by phone during their Greek academic hours).

The USB key which hosts the private key is using a French Thales software (SafeNet Authentication Client).
I've received this key in a few days in express international mail.

HARICA sells various levels of code signing certificates (IV, OV and EV) so you can choose according to your budget.

But of course like for any other CA, only EV code signing should allow "instant" Microsoft SmartScreen reputation.
However I don't think you are necessarily seeking for such instant reputation, so an IV or OV cert should be sufficient.


   
Glenn reacted
ReplyQuote
Glenn's Page