TuCows code signing certificates?

https://author.tucows.com used to be a place to buy inexpensive code-signing certificates for windows. The site is dead. I sent a customer service request to the main tucows.com site and have heard nothing.

Anyone know what’s going on?

I’m not sure, I used other services in the past, but they are gone as well. Seems that https://sectigo.com (formerly Commodo) bought many former cert issuers. If you are in a rush I’m using: https://www.ksoftware.net/ but they are using sectigo as well in the back.

If anyone is aware of a cheaper version, I am happy to know, as I only use it for my businesses, and to avoid some of their admins are going nuts ;-). So the cheapest possible, the better.

KSign processes are quite straight forward. What is annoying is their process of validating your phone number. Our public phone number is forwarded to an external help desk, and so guys are often not able to follow their advice “Now press 2, to get your verfication code” :-). So this ends up every year in a 4 hours process, which should be a 10 seconds thing. :slight_smile:

I use Ksoftware. Always for 3 years because that’s the cheapest option.
The first time it can be overwhelming. You need to go to some verification processes, including a call with one of their support people.
But re-newing certs is very fast (mostly 1 hour).

Side note: I have OV certs. Which means you need to acquire a reputation. It can take a while before your certs will return green Smartscreens.
But ones you have a good reputation, your good for as long you do renewals.

BTW in the past you could download your software several times to get a good reputation. Now you need several hundreds (thousands?) and they have to be from different locations (read: different IPs).

1 Like

Did you find out if this is handled per app, or per cert? We never reached the trustfulness. Reason: apps for only a very few user in NPOs, Only reason is to calm down the users, and if they call the admins, to calm down those. The admins at least know our company name and then they will help the enduser to click the right buttons :-).

It by cert for sure.

1 Like

Anyone have experience comparing the two? I, too, found the “verification” process to be difficult, which is why I’d love if Tucows came back online so I don’t have to go through that again.

And, I’m worried that starting from scratch would involve Microsoft Defender bloks my installer and apps

I used codesigncert.com pretty simple and fast.

I tried them years ago. Waited two weeks and didn’t receive the cert. Contacted them multiple times through all the avenues I could find and never got a satisfactory answer. Eventually disputed the charge.

1 Like

^ This + MANY other factors makes important the industry to solve the certification mess market. Such thing can done by accredited orgs maintained by joint efforts from such players as ISRG - Internet Security Research Group. They are aware of this, not sure if, when, and how they will contribute to fix it. There are ways and they are aware. I hope not waiting 10 more years to see it fixed. I don’t know why some devs would be against it unless they run some of those (some scammers) certification websites and fear about the “health” of their business.

2 Likes

Never had this…

A note to Tucows Downloads Authors/Developers*

If you’re a developer who used the Tucows Author Resource Center (ARC) as part of your software dissemination, to buy code signing or other services, we’re happy to help with the transition.

Any certificates purchased through ARC remain valid. If you’re looking to buy or renew code signing certificates, we invite you to go straight to the source; Sectigo was our supplier and will be happy to be yours too.

Tucows suggests we migrate to Sectigo https://sectigo.com/