renew code signing cert for Windows
Due to StartCom's validility being questioned (at least in Browser), look for alternatives. (current cert is valid until end of May 2018)
Note: We only needed an Extended Validility cert from StartCom, because their regular code-signing cert didn't support the corresponding flag in the cert.
As we don't do hardware drivers or kernel modules, we're fine with an Authenticode/Multi Purpose certificate.
The typical vendors come to mind:
Thawte, Symantec/Verisign, DigiCert
Price is around 200-250USD/year, depending on validation period (up to three years)
has a small (and slightly outdated) comparison, also includes GoDaddy
Other vendors are GlobalSign and Comodo.
#2 Updated by Christian Lohmaier 11 months ago
Symantec messed up just recently, issuing a bunch of testcertificates second strike for them, so leaning towards digiCert at the moment.
#3 Updated by Florian Effenberger 10 months ago
Is digicert the way to go now, shall I proceed with them, or do you do further research?
#5 Updated by Christian Lohmaier 10 months ago
go with digicert I'd say. I'll create corresponding certificate signing request after reading their fine print
#6 Updated by Christian Lohmaier 8 months ago
- File cert_request_2017.req.asc cert_request_2017.req.asc added
- Assignee changed from Christian Lohmaier to Florian Effenberger
(and of course with "Enhanced Key Usage: Code Signing" and no Lifetime Signing (i.e. valid after cert expires). Also added Time Stamping and Microsoft Time Stamping like with the StartCom one in the past, sha256RSA, 4096bit keysize)
reassing to floeff for the digicert paperwork)
#8 Updated by Florian Effenberger 8 months ago
- Status changed from New to In Progress
Sorry, didn't get a hand on it before my vacation, will look into things afterwards
#9 Updated by Florian Effenberger 7 months ago
- Assignee changed from Florian Effenberger to Christian Lohmaier
Kicked the process off, but had no option to upload the CSR so far
Right now validation is taking process
I'm listed as contact for the administrative purposes, you are listed as technical contact who will also receive the certificate
#11 Updated by Florian Effenberger 7 months ago
- Due date set to 2018-08-01
- Status changed from Closed to In Progress
- Target version changed from Q2/2017 to Recurring
Certificate expires August 2018