4

I make programs that a lot of people use and one thing that would be nice to have a a digital certificate so when people run it is admin, it will show the user it was made by me and it hasn't been tampered with.

I have done research on this and you do have to pay. I don't mind, just can't be a whole lot.

But the other thing is that.. it seems to only work for business. I do not have a business, I am an individual developer.

So is there a way for an individual developer to get a code signing certificate?

This is for C# WinForm desktop applications, by the way.

Dan LaRocque
  • 4,903
  • 2
  • 20
  • 16
Eaton
  • 1,214
  • 2
  • 15
  • 27
  • Some options are listed in this similar question: http://stackoverflow.com/questions/1177552/code-signing-certificate-for-open-source-projects – Steve Guidi Jul 29 '10 at 19:01
  • Most of the answers there are for SSL certs and open source software. Mine aren't open source. – Eaton Jul 29 '10 at 19:07

1 Answers1

5

You can indeed get a code signing digital certificate in your name as an individual without having a company, I've done exactly this myself using the heavily discounted Comodo certificates from the Tucows author site.

There's a great walkthrough of all the steps you'll need here. All you need are a domain that's registered in your name with your phone number and address corresponding with your actual details and an email address you can respond from @ that domain. They contacted me to verify I existed and wanted proof of address and phone number (a scanned telephone bill did the trick).

Once you've got the digital certificate you can sign application in myriad ways (I use 'signtool' that comes with the .NET framework SDK).

John Conners
  • 189
  • 2
  • 4
  • Thank you for the fantastic answer! Looks good, but I cannot provide them with a telephone and utility bill. Are those important key factors and can they be substituted for something else? – Eaton Jul 29 '10 at 23:40
  • They're looking to verify to the 'best of their knowledge' that you are who you say you are and being able to tie a web site to your physical address which you can also prove you live at then that should be enough. Your best bet is to contact them in advance and ask them, given the evidence you have, if that's enough for them. As it happened my phone bill is in my wife's name but they were happy that it confirmed my address. – John Conners Jul 30 '10 at 13:31
  • is it possible to sign a cab file, then sign it again after altering it? Or do you need a new signature for each software update? thanks. – iddqd Jul 30 '10 at 16:39
  • If you alter a file that will invalidate the digital signature so you'd have to sign it again. I'd assume rebuilding a .cab file would create a new file anyway which wouldn't have the signature (which is appended onto the file itself). – John Conners Jul 30 '10 at 18:48