Code signing FIPS compliant

I will need to renew my certificate soon, but it seems that from 1st June all certificates must be FIPS compliant, and prices have risen from $80 to more than $400 for an individual certificate.

I’m actually thinking about not certificating my software; anyway, pirates get more attention than I do.

Any hints, thoughts or help on this matter?

Thanks,
Alejandro

It would help others to shop pricing if you shared what service you looked at.

SSL.com is the provider I’ve been looking at. They seem to offer longer periods of validity for OV certificates (though a business EV is limited to 2 years). I am in the process of figuring out if a Sole Proprietorship EV is worth the cost, but D-n-B is taking their sweet, sweet time verifying my business.

Code signing is specifically to let your users know the software has come from you unmodified along the way. If your user base is confident enough in your process that you don’t need to do this, then I suppose you could make the choice not to sign your software.

If you’re providing commercial solutions it’s generally expected that the software is signed.

Sorry, I bought it from LeaderSSL one year ago for 76 Euros and now they request $434 for renewing.
As you mention, SSL seems to be cheaper at $129, and I have also found Certum at the same price.

It really makes me wonder that, having an ID card (with electronic certificate) issued by the Spanish government (and I believe it is the same in other countries) that allows me to carry out legal, tax, and other processes, including identifying myself to get a code signing certificate, I cannot use it for directly signing binaries.

And code signing doesn’t imply you immediately get reputation; new executables may call the blue alert dialog, except for an EV one.

Probably I will have to pay, but it doesn’t make me happy.

Here’s a tip to save some money. EV certificates bypass SmartScreen, but are expensive, hard to obtain, and hard to use. OV certificates will need to put up with the “this app is not downloaded frequently” dialog for a little bit, but that reputation is tracked by the certificate, not by the build of your app. So buy an OV for as long as you can afford to, and you won’t have to deal with SmartScreen annually.

My plan is a 10 year SSL.com OV certificate when I’m up for renewal. Oh and here’s another tip: renew early. These companies love their onerous verification steps, so allow yourself time to get things corrected. Start a renewal 6-8 weeks before your certificate expires.

@Tim_Parnell It took a phone call from a DNB manager to get my record fixed. I forget how I got their attention, but I couldn’t fix my record because I couldn’t pass verification because something was wrong on my record. It was a nightmare, but the woman on the phone got it cleared up pretty quickly.