* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

StartSSL or Comodo? Which signing certificate do you prefer?

Is the StartSSL code signing certificate ok? Why so cheap?
Don Pedro Send private email
Tuesday, October 01, 2013
 
 
StartSSL seems to be for web sites, not apps.
PSB136 Send private email
Tuesday, October 01, 2013
 
 
That's what I was thinking to. Where do they specifically talk about code signing?
Jonathan Matthews Send private email
Tuesday, October 01, 2013
 
 
It works for apps.
Take a look at the "Object Code Signing" line in the following comparison chart:
https://www.startssl.com/?app=40
As can I see the Time-Stamping feature is not available for cheap certificate. I want to know from those who have used it, what other problems are exists?
Don Pedro Send private email
Tuesday, October 01, 2013
 
 
Ah yes. That was a little hidden. Their site could use some work ;)

This might help you decide....

http://www.sslshopper.com/startcom-certificate-authority-reviews.html
Jonathan Matthews Send private email
Tuesday, October 01, 2013
 
 
Speaking of code signing... I went to install an old version of RegMon today and got this lovely message after UAC asked me if I wanted to install the app:

"Error loading REGMON70: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."

So, code signing clearly does not last forever and didn't let me install the app.  If I had been a paying customer of this product, I'd be more than peeved that I can't run my investment anymore, even more so if the company had gone out of business!
PSB136 Send private email
Tuesday, October 01, 2013
 
 
We've used Comodo code signing apps for many years. Comodo works perfectly and is much cheaper than most. I have no experience with StartSSL.
Keith DeLong Send private email
Tuesday, October 01, 2013
 
 
Comodo works perfectly but StartSSL is much cheaper. Besides, Comodo validation is very complicated, it have a lot of complaints on the internet. But I have read that StartSSL can be invalid on XP and Vista.
Don Pedro Send private email
Tuesday, October 01, 2013
 
 
Code signing lasts forever if you timestamp the signature.
Dmitry Leskov Send private email
Wednesday, October 02, 2013
 
 
But there are rumors, that that is not the case with StartSSL. Even if the signature has been timestamped.
MatrixFailure Send private email
Wednesday, October 02, 2013
 
 
I use a comodo certificate, purchased through ksoftware, which is less expensive.
M.B. Dude Send private email
Wednesday, October 02, 2013
 
 
As far as I am aware, only Thawte, Verisign and Comodo sell authenticode certificates that are recognized by all major versions of Windows. But I could be wrong.

Note that you can use any old certificate to sign your app. But if Windows doesn't recognize it as a valid authenticode certificate, you are wasting your time.

As far as I aware, ksoftware sell the cheapest valid (Comodo) authenticode certificates.
http://codesigning.ksoftware.net/
Andy Brice Send private email
Wednesday, October 02, 2013
 
 
I've used both. Comodo was only $9.95/year through namecheap, but was a little harder for me to configure that startssl, which has the very useful online password removal tool. Both worked very well for me.
James Gassaway Send private email
Wednesday, October 02, 2013
 
 
>Comodo was only $9.95/year through namecheap

That is for a website certificate isn't it? Not an authenticode certificate.
Andy Brice Send private email
Thursday, October 03, 2013
 
 
I recently switched to Comodo from digicert because of the price - less than half, through ksoftware. A bit of a pain to validate (they all are), and slightly irritating that the license started on the day I paid, not the day it was validated (a week later). Support is definitely not as good as digicert (24 hour round trip conversations), but at the end of the day its a once every couple of years thing. New version is in beta with the new cert and the swap doesn't seem to have caused any issues (yet!).
Matthew Fender Send private email
Thursday, October 03, 2013
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz