I noticed that since April 2025, Microsoft’s Trusted Signing is no longer available for new subscribers outside the USA/Canada.
I’ve used KSoftware’s OV certificate before, but I’m curious what others are using in 2025.
Are you opting for OV or EV ? Any providers you would recommend?
Also, I understand that code signing certs must now be on hardware. USB tokens work, but not ideal for devs in different locations.. any feedback regarding cloud based HSM solutions ?
I went with an EV certificate. This is a pretty good guide for setting it up:
Kudos to @TobbenTM for writing it up.
Signing works quite well with AWS KMS in my experience. It’s great to have a cloud-hosted option, so I can potentially set up code signing on e.g. GitHub-hosted CI runners.
As for vendors, it’s mainly a matter of pricing, plus making sure they support cloud-based HSM. I picked GlobalSign - it wasn’t too many hoops to jump through when getting the certificate. You should shop around and see what fits your budget.
It might be worth getting a certificate for only 1 year, as hopefully Microsoft Trusted Signing will reach general availability by that time.
Good news,
Azure Trusted Signing has finally reached general availability:
Has anyone successfully completed Azure Trusted Signing verification for an entity less than 3 years old? All the official docs still indicate the 3 year requirement.
Yes, I enrolled my 1 year old company about a month ago! Still you have to be in US/Canada or EU/UK, though. And for individuals I think it’s still only US/Canada.
