Open Source Code Signing. The product in the selected configuration is currently unavailable. I recently bought a certificate with KSoftware, but I still didn't finish the validation process, the validation team of Comodo keeps asking me for a phone number but the Face-to-Face didn't say it was obligatory.
I'll try and post an update here after I go through the validation and issuance. I'll let you know how it goes We have it now but it was a pain in the ass and took about a month to complete from start to finish. If you're in a hurry, I would look at different provider, like digicert. Note StartSSL has now closed and is no longer issuing certs. Frozenskys Frozenskys 3, 4 4 gold badges 22 22 silver badges 27 27 bronze badges. Google Chrome reports to me that startssl.
Looks okay. If you add the Root CA cert from startsll this will go away. It's always a great feeling to import Root CAs. Kinda defeats the entire purpose of having them. There is a certificate update for older versions of Windows that include it too afaik. Peter Mortensen Michael Haephrati Michael Haephrati 2, 1 1 gold badge 24 24 silver badges 44 44 bronze badges. The Overflow Blog. Tales from documentation: Write for your clueless users.
Podcast a conversation on diversity and representation. Upcoming Events. Featured on Meta. Feedback post: New moderator reinstatement and appeal process revisions. The new moderator agreement is now live for moderators to accept across the…. Allow bountied questions to be closed by regular users. Sign in to your account. From rfay on October 4, To send out trusted install packages for Windows we'll need a code signing certificate which must be purchased. From andrew-c-tran on October 5, The drawback of the EV code signing cert though is that it's bound to a physical USB dongle, and thus will need to be physically attached to the machine that's doing the signing.
This means no circle builds, so i'm not sure this route will work. According to Microsoft, the certificate can be bought from a few vendors, such as DigiCert and Symantec:. From andrew-c-tran on October 10, The sooner we get an application in, the sooner we can get signing. I'm not sure how long the approval process is, but on mac it's quite the wait from what i've read. From rickmanelius on October 10, Make sure you use the same browser on the same machine for this whole process to work.
Everything took about 3 hours, from signing up to downloading the certificate. I recommend Certum for their prompt support and quick identity validation. If you ever need a commercial certificate, consider Certum as a way to thank them for supporting the open source community. Blog ;. Sign in. Free code signing certificate for Open-Source Software.
Either way, the logistics are just a nightmare. So, the CAs have to charge at least enough to cover their own costs.
Plus, it also can act as an economic barrier to some negative actors, too. Even a modest financial barrier can sharply decrease the number of criminals abusing the system. Long story short, there are no free code signing certificates. None that are trusted, anyway. Rate this article: 4 votes, average: 4. But that is our goal for all non-commercial projects. The whole certificate authority industry likes to make money on the back of non-commercial projects.
They typically lure you into a free code signing certificate for 1 to 3 years and then there comes payday. One certificate to sign all of your releases just to avoid nasty built-in warnings in Microsoft Windows. That is just not enough for the price. As an organization, the CA can simply look you up in an online directory, but as an individual, you have to find a notary public and show them the following three items:. You have to fill out the validation form in the presence of the notary, and they have to notarize it.
You then have to file a support request with Comodo and attach a scanned copy of the notarized form and all identification documents to the request. It took a while to get confirmation of this procedure. When I purchased the certificate, the instructions the certificate reseller gave me were for organization validation, not individual validation. I had to get into a chat session with the reseller, and they had to confirm the correct procedure with Comodo and send me the correct link.