Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 30, 2016, 06:47:10 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Code signing certificate?  (Read 944 times)

highend01

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 110
    • View Profile
    • Donate to Member
Code signing certificate?
« on: October 16, 2015, 05:30:00 AM »
Hi,

can anyone recommend a particular code signing certificate authority (there are a lot of them...)?

I probably have to sign .exe files in the future (if the current commercial project is going to be implemented). Prices vary a lot and they are per year not a one time sale *sigh*.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,079
    • View Profile
    • Donate to Member
Re: Code signing certificate?
« Reply #1 on: October 16, 2015, 07:46:09 AM »
Most certificate vendors sell a certificate that valid for a year. After that year has passed, you need to pay up again. How much you need to pay varies, depending the nature of the use. Personal use is not that expensive, commercial use however...

Now I do not know if a certificate with the sole purpose of signing code is valid for 1 year only. It is a rather short period as software can be in use for longer intervals and yearly renewal becomes quite a headache for every user making use of the software.

StartSSL is a company that offers free and paid for certificates, there are others that do the same. Better check these out first before you commit to any vendor.

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,119
    • View Profile
    • Donate to Member
Re: Code signing certificate?
« Reply #2 on: October 16, 2015, 08:33:28 AM »
I've looked at the ones from K Software in the past, but not had enough reason (or money) to get one. They resell Comodo certificates.

As I understood it, it is important to get a certificate that includes access to a time-stamping service, because then your signatures will be valid even if you stop paying yearly.

I don't think they offer EV certificates, but I doubt you'd need one anyway.

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,751
    • View Profile
    • Donate to Member
Re: Code signing certificate?
« Reply #3 on: October 16, 2015, 09:11:20 AM »
Now I do not know if a certificate with the sole purpose of signing code is valid for 1 year only. It is a rather short period as software can be in use for longer intervals and yearly renewal becomes quite a headache for every user making use of the software.
When using a time-stamp server during the actual signing process, the executable is signed 'indefinitely', only if that part is left out the end of the certificate also expires that exe (it behaves as if it isn't signed any longer). Using the /t <timeserver-url> option on signtool seems mandatory, IMHO. This implies that internet-access is mandatory during the signing process :tellme:. AFAICS, most time-stamp servers are freely accessible to anyone.

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,717
    • View Profile
    • Donate to Member
Re: Code signing certificate?
« Reply #4 on: October 18, 2015, 03:40:47 PM »
We (Planetside Software LLC) have one from K Software. They seemed to have the best price on a Comodo cert. The process is a little annoying to get any cert, but having dealt with StartSSL before for an SSL cert, I felt it was *less* annoying to deal with K Software. They hand you off to Comodo for verification anyway. And ultimately I don't think there's a way around much of the identity verification hassle. That's sort of the point I guess. ;)

Anyway, I would not say this is a super strong recommendation for K Software, but I can say that it worked fine and the price was right.

- Oshyan

highend01

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 110
    • View Profile
    • Donate to Member
Re: Code signing certificate?
« Reply #5 on: October 19, 2015, 03:23:56 AM »
Thanks for all the comments and suggestions!

K Software seems to be really cheap in comparison to all the other vendors I've looked up. If the contract get's signed I try to get a certificate from them :)

Regards,
Highend