Questions about code signing certificate



  • Is it normal when you buy a code signing certificate, you just receive the certificate without being controlled your identity?

    The first code signing certificate of Notepad++ was offered by Digitcert, I have got a video call from them and they have checked my identity paper online.

    This time I purchase a code certificate from Certum online, then wait for the contact from them to do the identity control (like Digitcert did to me), but nothing. 10 days after I receive the token, and surely the certificate is under my official name - it should be “Notepad++” instead.

    Do you have any good reference to buy code signing certificate (for Microsoft) ?



  • @donho

    Is it normal when you buy a code signing certificate, you just receive the certificate without being controlled your identity?

    i’ve seen that too, some authorities seem to only verify a random amount of their ssl cert request identities or organizations.
    seems like even if they pretty all are extremely overpriced at the moment, they lack the interest to pay for more employees ;-)

    10 days after I receive the token, and surely the certificate is under my official name - it should be “Notepad++” instead.

    afaik. some authorities only issue a cert to a physical entity, a person or organization, not to a product name or trade mark.

    Do you have any good reference to buy code signing certificate (for Microsoft) ?

    unfortunately at least i don’t know any at the moment.
    i used to purchase my code certs from startssl for a very affordable price of €59,- for 3 years, but they don’t exist anymore and i can’t afford to buy one for 500,- a single year or so for my private uses.

    if anyone knows any affordable and flexible cert source like startssl was, which also allows an issuer alias name instead of a person’s real name or legal entity, im very interested too.


Log in to reply