Windows Code Signing recommendations


#1

Hi,

I was wondering which companies’ code signing certificates y’all are using?

These are the ones I’ve checked out – and obviously their prices vary dramatically… Not in any particular order…

DigiCert

StartSSL

Verisign (Symantec)

Comodo

GlobalSign

Thawte

Instant SSL

Any opinions or recommendations?

Thanks,

Rail


#2

Hi Rail,
using a Comodo certificate here at SampleSumo, for signing InnoSetup installers (using kSign) + also an AAX plugin in the works (with Eden wraptool).
Best,
Koen


#3

Hi Rail,

I bought my Comodo Code Signing Cert from author.tucows.com. It was $195 for 3 years ($65/year). For verification, your company needs to have a phone number listed in an official phone directory available online.

Cheers,
Samuel


#4

Thanks guys!

Rail


#5

For basic Windows AAX signing using wraptool, do I need a code signing cert? If so, I imagine I’d better snag one and also re-up my Apple Developer ID, as it expired two weeks ago.

I’m using Edenlite and AAX2.

-M


#6

No, for simple AAX code-signing you can use a self-generated certificate. I generated the certificate on my Mac, exported it, copied to my Windows machine and it worked like a charm.


#7

.

Posted to wrong thread (sorry)


#8

Hmmmm … so the AAX getting started guide insists that you need Authenticode certs on Windows … but a self-signed one will do? Mind blown.

Why am I sending all this money to Comodo? Not sure these certs are worth anything for plugin developers. Although, I guess it clears up the whole “untrusted developer” warning in the installer. Then again, with no standard location, the installer can just be a zip file too.


#9

The only good reason for code-signing under Windows is for installers. We’ve seen some issues in-house and reported by users with browsers or Windows warning the user about a potential hazard due to our installers not being signed. (P.S. You should also sign your uninstallers…)


#10

Yeah, a code signing certificate is only needed for signing installers. A self-signed certificate (done in OS X) is enough for AAX.

Before I bought the code signing cert I hoped that signing my Windows installers would lead to fewer false positives by McAfee. Well, it doesn’t. I still have to send them each and every updated installer for whitelisting…