Windows Code Signing recommendations

Hi,

I was wondering which companies’ code signing certificates y’all are using?

These are the ones I’ve checked out – and obviously their prices vary dramatically… Not in any particular order…

DigiCert

StartSSL

Verisign (Symantec)

Comodo

GlobalSign

Thawte

Instant SSL

Any opinions or recommendations?

Thanks,

Rail

Hi Rail,
using a Comodo certificate here at SampleSumo, for signing InnoSetup installers (using kSign) + also an AAX plugin in the works (with Eden wraptool).
Best,
Koen

Hi Rail,

I bought my Comodo Code Signing Cert from author.tucows.com. It was $195 for 3 years ($65/year). For verification your company needs to have a phone number listed in an official phone directory available online.

Cheers,
Samuel

Thanks guys!

Rail

For basic Windows AAX signing using wraptool, do I need a code signing cert? If so, I imagine I’d better snag one and also re-up my Apple developer ID, as it expired two weeks ago.

I’m using Edenlite and AAX2.

-M

No, for simple AAX code-signing you can use a self-generated certificate. I generated the certificate on my Mac, exported it, copied to my Windows machine and it worked like a charm.


Hmmmm … so the AAX getting started guide insists that you need Authenticode certs on Windows … but a self signing will do? mind blown

Why am I sending all this money to Comodo? Not sure these certs are worth anything for plugin developers. Although, I guess it clears up the whole “untrusted developer” warning in the installer. Then again, with no standard location, the installer can just be a zip file too.

The only good reason for code-signing under Windows is for installers. We’ve seen some issues in-house and reported by users with browsers or Windows warning the user about potential hazard due to our installers not being signed. (P.S. you should also have your uninstallers signed…)

Yeah, a code signing certificate is only needed for signing installers. A self signed certificate (done in OS X) is enough for AAX.

Before I bought the code signing cert I hoped that signing my Windows installers would lead to fewer false positives by McAfee. Well, it doesn’t. I still have to send them each and every updated installer for whitelisting…