Do any developers out there have experience obtaining individual code sign digital certificates for use with Visual Studio? What options, if any, are there for those in this part of the world?
If you want to create a self-signed certificate for testing purposes the PowerShell tool New-SelfSignedCertificate may be useful.
Certificates and code signing are a bit of a riddle surrounded by a mystery, so good luck.
We Authenticode-sign our .NET assemblies using a cert from Thawte:
https://www.thawte.com/code-signing/?tid=a_box_buycs
Don't forget to time-stamp, not just sign.
Recursion: See recursion.
--
“It is important not to let the perfect become the enemy of the good, even when you can agree on what perfect is. Doubly so when you can't. As unpleasant as it is to be trapped by past mistakes, you can't make any progress by being afraid of your own shadow during design.”
--Greg Hudson, Subversion developer
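The two tips above (a self-signed test certificate, and time-stamping rather than only signing), as an added PowerShell example that is not code from any poster in this thread. The subject name, file path and the script's `-TimestampServer` parameter are assumptions; no timestamp URL is filled in because the thread names none.

```powershell
# Added example. Subject name, file path and parameter names are assumptions.
param(
    # RFC 3161 timestamp service URL from your CA. Left empty, the file is
    # signed WITHOUT a timestamp so the report below shows the gap.
    [string]$TimestampServer = ''
)

# Summarise a file's Authenticode signature, including whether it was timestamped.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path         = $sig.Path
        Status       = $sig.Status
        Signer       = $sig.SignerCertificate.Subject
        SignerExpiry = $sig.SignerCertificate.NotAfter
        Timestamped  = [bool]$sig.TimeStamperCertificate
        TimestampBy  = $sig.TimeStamperCertificate.Subject
    }
}

# 1. Self-signed code-signing certificate, for testing only: other machines
#    will not trust it, so Status will not be 'Valid' there.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Signing Demo (test only)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddDays(30)

# 2. A constructed sample file to sign.
$target = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $target -Value 'Write-Output "hello"'

# 3. Sign, requesting a timestamp only if a server was supplied.
$signArgs = @{ FilePath = $target; Certificate = $cert; HashAlgorithm = 'SHA256' }
if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
$null = Set-AuthenticodeSignature @signArgs

# 4. Report, and flag a signature that carries no timestamp.
$report = Get-SignatureReport -Path $target
$report | Format-List
if (-not $report.Timestamped) {
    Write-Warning "No timestamp: the signature stops validating when the certificate expires ($($report.SignerExpiry))."
}

# 5. Remove the test certificate from the store when done.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
```

`Get-SignatureReport` can also be pointed at already-published binaries to find ones that were signed but never timestamped.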
ObidiahSlope:
> If you want to create a self-signed certificate for testing purposes the PowerShell tool New-SelfSignedCertificate may be useful.
> Certificates and code signing are a bit of a riddle surrounded by a mystery, so good luck.

Self-signed certificates for development purposes aren't the issue. Perhaps I should have been more clear: I was referring to CA-issued certificates for publication of software.
BuffyNZ:
> We Authenticode-sign our .NET assemblies using a cert from Thawte:
> https://www.thawte.com/code-signing/?tid=a_box_buycs
> Don't forget to time-stamp, not just sign.

I had a look at Thawte a while back, but unfortunately they are no longer an option. As per a notice on the page you linked to:
> Please note: All Thawte Code Signing Certificates for individuals have been placed in an End-Of-Sale status. Click here for more information.

There was an outfit called StartCom that seemed to be a popular option for individual code-sign certificates until they got busted last year for doing dodgy things. Now reasonable options for individual certificates seem really difficult to find. Setting up a company just to get an organisational code-sign certificate and publish software written by an individual developer seems like overkill, never mind the hassle and expense of doing so.
I've only ever ordered one for an organisation, but from what I can see, all the major CAs will only issue code signing certificates to organisations now. I suspect that's to stop malware authors obtaining them.
I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.
Lias:
> I've only ever ordered one for an organisation, but from what I can see, all the major CAs will only issue code signing certificates to organisations now. I suspect that's to stop malware authors obtaining them.

The ironic thing being, of course, that code-sign certificates were never meant to be about proving that signed software was safe, only that the named individual/organisation was the owner/author of it. A bit like how (NZ) birth certificates have a statement on them warning they should not be used as proof of identity, yet they commonly are.
If you are coding for a customer using Windows Server the Domain Administrator should be able to provide you with a code signing cert that authenticates on computers in that domain.