Comodo: $166.95 http://www.comodo.com/business-security/code-signing-certificates/code-signing.php
But I bought mine through Ksoftware which is a reseller of comodo: http://codesigning.ksoftware.net/ $95/year .. Corneliu. On Mon, Apr 15, 2013 at 5:11 PM, Greg Keogh <[email protected]> wrote: > I received a free code signing certificate from Thawte a few years ago, > valid for 2 years, valued around $600US. I can't remember all the details > now, but there was a bit of misery involved in getting it installed and > working and I had to make some delicate adjustments to my build processes > to use the certificate. I remember receiving incoprehensible problems that > drove me nearly insane (again) when importing and managing the certificate > and using the signtool.exe utility. It was fun to see a signed app finally > come out, but the extra work was not worth for my case where I don't > publish my own commercial software. I publish lots of free demo apps and > code, but there no use in signing that sort of thing, in fact you have to > keep your certificate private and secret and not give it to other > developers. Then the person installing the signed software has to go > through steps (that I've forgotten) to say they trust your certficate and > it's not a magically simple as you expect. So overall, as a single > contractor developer, I found a real certificate is of little practical use > and lots of suffering. > > Greg Keogh > > P.S. I just found some of my old batch files that run makecert and > signtool. They used to work of course years ago, but now I'm getting "The > signer's certificate is not valid for signing" even though it all looks > good when viewed in certmgr.msc. Lord knows, I give up immediately as I > have enough outstanding problems. > > > > > On 15 April 2013 15:16, Katherine Moss <[email protected]> wrote: > >> Hi guys, >> I've been arguing with myself about this for a while. I'm progressing in >> my .net development learning with C#, and I'm pretty dang sure I'm going to >> be catching on soon. I had some ideas for the open source community, >> clearly both for the experience, for the privilege of working with people >> who develop for the sheer fun of it while producing quality software at the >> same time. And with that comes authenticode issues; where to get a >> certificate that's not $10,000. Because I know that even in the free and >> open source world trust is still an issue, however there are no open source >> or community-based certification authorities, or at least none that offer >> code signing. I've noticed a lot that most open source projects don't >> actually have a cert issued by a trusted publisher, and that hasn't stopped >> me from running the application (most of these have come from the CodePlex >> forge, and I cannot remember which ones they are), and I will even bravely >> add self-signed certificates to my root store for those Windows 8 Modern >> apps that people want to keep away from the Draconian, super-restricted >> environment that Microsoft's Tiled World has become. So, is it that >> important? I mean, how seriously do you take the warnings about >> self-signed certificates? How worth is paying inordinate amounts of money >> for a code signing certificate in an open source project when you can >> easily make one and get your users and loyal followers to trust you >> directly instead of some ding dong head that is getting paid to say, yes, >> this software is issued and signed by so and so? Anyway, opinions would be >> good; I'd love to hear what real developers have to say about this. >> >> >
