Anyone know anything about self-signing software

Kirby

I write very amateurish software, but useful. Most of what I write I offer to my clients, though I don't think I get a lot of takers as it's just random stuff I find useful. There's a program to check for stuck keys, one to print out deposit slips, one to reconcile the cash drawer, etc. I do have one that used to be able to eliminate more than 90% of the viruses I was seeing at the time I wrote it (they mostly had very similar behavior that was easy to spot), but that one is no longer as useful as it used to be.

Anyway, I don't want to pay to sign my software, but signing it would be useful. Some antivirus products and even Internet Explorer either delete or simply refuse to download things from my site, which is annoying. I've read about self-signing, but really don't know a lot about it. Specifically, whether it would be useful since there's no reputable company attached to the signature who can attest that I did, in fact, give them money (because really that's all the damned signature says anyway). And I certainly don't know how to do it.

So can I get some general knowledge here? Is self-signing really the "thing" it appears to be? Would it prevent programs from saying, "Hey! You didn't give any money to a third-party company to prove that you exist!" and deleting the programs on download? Would it actually be useful? And if so, are there any straightforward resources to tell me how to go about it? I really don't have the patience to really dive into learning new computer stuff any more. I just don't love learning computer stuff any more.
 
Thanks. I don't charge for the stuff I write for myself, so I won't be paying for a certificate. It doesn't make me money and it only helps to avoid problems actually caused by the invention of the certificates, so it's pretty much pointless.
 
It's been a few years since I last looked, but it sounds like prices have stayed pretty steady. I was actually looking at it for use with signing macros in an Excel spreadsheet being used as a form, but since that form gets used on a grand total of 3 machines (terminal servers) I just cheated and IIRC added the self-generated certificate to the local certificate stores.
 
Self-signing won't do you any good. You need to buy a code signing certificate for what you're looking to do. They're $84/yr from ksoftware.net.

Self signing is a thing, but it's not intended for production or distribution.
Thanks for this, I did not know about this certificate vendor. Their prices are reasonable.
I often have problems with antivirus software like Symantec, sometimes Kaspersky and Avast with Fab's AutoBackup packages that are wiped from the disk even if they are harmless. I guess signing my apps should get rid of this.
 
What you could do for free is generate a ten year self signed certificate, save it with the private key and then create a web page with instructions where your customers can download the cert and import it into their machines' Trusted Root Certificate Authorities repository (only a few steps).

This would make their machines trust your cert, despite it being self signed.

Customers with Active Directory could push the certificate out as a trusted root certificate authority using Active Directory:

https://blogs.technet.microsoft.com...ficate-as-a-trusted-root-ca-in-windows-vista/

All in all, $84 per annum is much less hassle!!!!!!!
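Added example, not part of the thread: the self-signed route described in the post above, written with the built-in Windows PowerShell PKI cmdlets. The subject name, file paths, executable name and thumbprint value are placeholders made up for illustration. Only the public `.cer` is handed to customers, and a certificate placed in Trusted Root is trusted only on the machines where it was imported.

```powershell
# --- On the author's machine (run once) ---
# Subject and paths are placeholders invented for this example.
$cert = New-SelfSignedCertificate `
    -Type CodeSigningCert `
    -Subject 'CN=Example Utilities Code Signing' `
    -KeyAlgorithm RSA -KeyLength 3072 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(10) `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Back up the certificate WITH its private key. This file never leaves the author:
# anyone holding it can sign code that every importing machine will trust.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath 'C:\signing\codesign-backup.pfx' `
    -Password $pfxPassword | Out-Null

# Export the public certificate only. This is the file customers download.
Export-Certificate -Cert $cert -FilePath 'C:\signing\codesign-public.cer' | Out-Null
"Thumbprint to publish next to the download: $($cert.Thumbprint)"

# Sign a build (hypothetical executable name).
Set-AuthenticodeSignature -FilePath 'C:\build\StuckKeyCheck.exe' `
    -Certificate $cert -HashAlgorithm SHA256

# --- On each customer machine (elevated prompt) ---
$cer      = 'C:\Downloads\codesign-public.cer'
$expected = '<THUMBPRINT-PUBLISHED-BY-AUTHOR>'   # placeholder, obtained out of band

# Check the downloaded file is the author's certificate before trusting it.
$downloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cer
if ($downloaded.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: got $($downloaded.Thumbprint); not importing."
}

# Root makes the chain build; TrustedPublisher marks the signer as trusted.
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\TrustedPublisher' | Out-Null

# Should report 'Valid' for files signed with the key above.
(Get-AuthenticodeSignature 'C:\Downloads\StuckKeyCheck.exe').Status
```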
 
Now I'm not certain I'm correct here but isn't it 59 for 2 years from startssl in your personal name? I think that's how much I paid for a code signing cert in my name.
 
I had a look at their web site and it's not entirely obvious what their code signing offering is. They offer a "Class 2 Code Signing Certificate" as part of a "StartSSL™ Identity Validation" package for $59/yr (USD I presume). And then further down the page in the comparison chart they offer apparently the same package with "Object Code Signing" valid for 2 years with "validation validity" for 1 year. They don't explain what all of that means.
 
Yes, that is not obvious at all.
 
If my memory serves me correctly, you can only get certs issued from them while your identity is valid, which lasts a year, but the object code signing cert lasts 2 years from issue date.
 