You will need the signtool from Microsoft. According to their docs it’s included in the Visual Studio installer.
It was also included in the Ksign installer, but that tool stores your certificate password hex-encoded in a text file so I really would recommend not using it.
Again, American centric
We dont have ID cards in the UK. I wonder what they will ask for…
they offer EV SSL certs for 5 years at less than £500
I wonder why code signing EV certs are massively more expensive?
Weird, LeaderSSL is based in Amsterdam, The Netherlands.
Do you have any ID with your address? (driver’s license or other)
In Mexico, they changed the driver’s license to not have an address (at least in Tamaulipas). The passport has no address too. I don’t know what they accept in this case.
If no adres is shown on the ID card (In Belgium this is the case) you need to provide for example an electricity bill too.
Also a Dun&Bradstreet link to your company is important, so it seems. That for sure rules out people who do not have a VAT.
Anyhow, I probably going to buy at LeaderSSL next week and pay with PayPal so if needed a refund is easy to do.
It seems KSign can only be used by certs that are bought at KSoftware (it does call home before calling the cert provider timestamp server).
So I made a similar tool were you can set the Timestamp server. This way it works to code sign with all cert providers.
I need to tweak and do some more tests and will release it for free (maybe someone with a GitHub account can make it opensource later).
They are very fast in answering my questions (and very friendly too). That gives me some confidence to buy my certificates there.
I am going to buy new certs on Monday and see how it goes.
I can highly recommend LeaderSSL. They are extremely helpful and very fast answering questions and guide you thru the whole process.
Dealing with Sectigo is another matter. In short, it’s all black and white doing the verification process.
Basically this is what they need to do the verification:
A photo of your IDCard.
A selfie you holding the IDCard.
If you have a company and VAT, you also need to proof this via Duns & Bradstreet and VIES.
If you do not have a company, you need to have a IDCard with your adres shown. If your IDCard does not have an adres shown, you will need to go thru an extra verification process with a notary (which will cost you about $500).
Proof that you are the owner of the domain used by your company. They use WHOIS for this. But for EU domain owners, this does not work because because of GDPR the owner is not shown. Only the registrar. In this case you need to provide the latest invoice of your domain provider that shows you are the owner.
And be prepared for a dozen questions of Sectigo for all kind of (stupid) details. Anyhow, it takes about 4 days (in my case) to get verified.
Important! In the past you needed to use Firefox to get your certs. For Windows, this is not working anymore and you need to use Internet Explorer 8 or Edge.
Regarding doing the code signing:
kSign (of KSoftware) does not work with the OV certificate I received. Luckily I made my own code sign tool and that works fine.
Relieved that I now have a new OV certificate for 3 years.
For this they use a phone number found on the internet linked to your name or company. They will not use a phone number you provide. So make sure your phone number is registered at for example Whitepages (for EU).