Hacker News new | past | comments | ask | show | jobs | submit login

The cheapest base code signing certificate will be via a Sectigo (formerly Comodo, although they allow resellers to advertise either brand) reseller. I'm not affiliated with this site beyond being a customer, but the website 'codesigncert.com' is the absolute cheapest i've found for Windows signing (EV 3 years: $219/yr [0] / regular 3 years: $59/yr [1]).

Note that this landscape might change in the future. Microsoft is working on Azure Code Signing, which will mean Microsoft themselves manages issuing the certificate, doing the identity verification, etc - the only catch being that they probably don't want to have to deal with any lost keys or improperly stored keys, so they don't let you generate your own cert and you can only sign certs via the API or other integrations. All of this info is available via this talk [2] and it's the only public information available on this service that i've found.

0: https://codesigncert.com/sectigo-ev-code-signing

1: https://codesigncert.com/sectigocodesigning

2: https://youtu.be/Wi-4WdpKm5E?t=530




I just renewed a certificate using Sectigo, it was a painful experience.


Wasn't for me. That site's renew button simply starts an order for a new one (as renewal is really just replacing with a new, extended certificate) and sectigo themselves re-did all the company verification, after which my cert was issued. Went smoothly except for waiting ~24 hours for it. If you were trying to get an EV certificate, the process is supposed to be more strenuous on making you prove your operation (sometimes) as well as prove that your certificate infrastructure is secure enough.


It wasn't an EV certificate, just ordinary code signing. I guess you were just lucky.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: