Code Signing Tips

This section is for announcements, information and discussions relating to the help community -- for example news about events and seminars of interest, developments in help technology and so on.

Moderator: Tim Green

Post Reply
User avatar
Tim Green
Site Admin
Posts: 7818
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Code Signing Tips

Unread post by Tim Green »

Developers in the Help+Manual community have probably already learned about the unwelcome changes that have been introduced for code signing certificates in recent months. Specifically, the massive price increases from around $120 for 3.3 years to $300-$500 per year for only 1.3 years. Along with the fact that it is now only possible to use either a hardware dongle for the keys or a certified cloud service like Microsoft's Azure Cloud Signing, which means that you must also trust the service to store your private keys. Ouch.

Three-year keys still available for $129 per year until March

In the long term there's not a lot that can be done about this, but for the short term it's still possible to get 3.3 year keys until March of this year. In addition to this, FastSSL is offering 3.3 year keys for just $129 per year, plus the cost of the dongle. This is massively less expensive than anything on the market at the moment, and the respected security expert Steve Gibson has vouched for them. I'm not going to post a link so that there can be no suspicion of any kind of financial interests. If you Google for FastSSL code signing certificates you will find them being offered by a company called CheapSSLSecurity. This can at least provide a reasonably affordable option for the next three years, and hopefully the situation may improve after that.

Usable instructions for Azure Code Signing

The other hopefully reasonably priced long-term option is Microsoft's cloud-based Azure Code Signing. The problem with this is that its implementation is so opaque, complex and atrociously documented that even seasoned developers have been unable to get it working. However, Rick Strahl has taken the time to figure it out and has posted an excellent HowTo on his blog. According to reports, many developers have finally managed to get it working using these instructions:

https://weblog.west-wind.com/posts/2025 ... ed-Signing
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Post Reply