In my experience, there doesn’t seem to be any sort of qualitative advantages and cost is the only factor in selecting a certificate source. I’ve used symantec, digicert, and globalsign in the past. Looking around I see digicert has doubled their price to $664 / year which is a little scary of a trend as we are at the whims of these people’s prices. On the other hand Sectigo can be found for just $250 / year. Is Sectigo or any other alternative a good way to go?
The Sectigo web site says $290/year for a 3-year cert. I am also very curious to know if this works, and if there is a cross-cert for the older systems, assuming Microsoft backs off of their fascist policy to kill the cross-certificate authority.
This whole thing pisses me off enormously, as I posted a couple of months ago. When the EV need became clear, I got one from Digicert for about that price. Two years later, the price had doubled, and two years later it has doubled again. All of that for a product that requires ZERO human intervention and has ZERO incremental cost to them. It is criminal. I did not renew mine, the first time in 15 years I’ve been without a certificate. Hopefully, I will retire before I need one.
I am reluctant to put in a direct link, but currently aboutssl.org offers the Sectigo EV code signing certificate for $224/year.
For about five years now, I am using a code signing certificate from Certum. It is not an EV one since I do not have a company name yet (that should hopefully change in several weeks’ time). Their certificates were reasonably cheap and their process identity verification was/is more friendly to Central Europe users than that of e.g. Symantec (at least for guys inexperienced in these matters as I had been).
However, it seems they also made their EV certs a little bit more epxensive.
@Rourke & @Tim_Roberts
You should get a big discount in the price if you go through from this MSFT page.
For instance, when I use the Digicert link from that page, an EV cert is only $104/year vs the $664 if you go from their main page.
Hope this helps.
Eric
Very good hint.
Indeed Digicert and others have had “specials” before… but I always lose track of them, they expire, or they have a purpose that doesn’t quite fit.
The direct link to use from the MSFT page Mr. Wittmauer points to is this: https://www.digicert.com/friends/sysdev/
Thanks, Mr. Wittmayer!
Peter
But, as far as I can tell, there’s no way to use that link if you already have a Digicert account. The link then goes straight to their “dashboard”, where the price remains at the totally outrageous $664/year. I suppose I could just create another account.
Hi @Tim_Roberts ,
We didn’t have create a completely new account, I didn’t do the purchase myself but I believe once you have the discounted one in your cart you can login to your current account? We just couldn’t “renew”, which for the savings wasn’t an issue.
Thanks @“Peter_Viscarola_(OSR)” I’ve had consitent luck in getting a discount by using the links in the Microsoft instructions for signing driver submissions, whatever they happened to be at the time.
The discount page is now gone. The link now goes to a page asking $699 USD/year for an EV cert.
Just last week, I took ownership of a 2 year EV cert from GlobalSign for $720. It’s still a lot of money, but it’s one hell of a lot cheaper than DigiCert. They have permanently lost a customer, and I’m telling everyone I know. I’m still pissed off about this. Given the incremental cost to them of a renewal, what Digicert is doing is nothing more than larceny.
I found Sectigo EV Code Signing Certificate at only $224/year a trusted reseller CodeSigningStore - https://codesigningstore.com/code-signing/sectigo-ev-code-signing
@Rourke said:
In my experience, there doesn’t seem to be any sort of qualitative advantages and cost is the only factor in selecting a certificate source. I’ve used symantec, digicert, and globalsign in the past. Looking around I see digicert has doubled their price to $664 / year which is a little scary of a trend as we are at the whims of these people’s prices. On the other hand Sectigo can be found for just $250 / year. Is Sectigo or any other alternative a good way to go?
Indeed $250 / year is high!, In my opinion pricing differs from vendors available on the web.
I found a way cheaper source for Sectigo EV Code Signing Certificate starting at just $169.99/Per year- https://signmycode.com/sectigo-ev-code-signing
After the recent update on code signing certificates released in June 2023, all vendors or resellers have raised their code signing certificate prices. After all the analysis, I found that the cheapest EV Code Signing Certificate is Certera EV Code Signing Certificate starts at as low as $269.99 per year!
What about GoGetSSL?
How do you expect someone to “thoroughly compare SSL certificates?” It’s just a text file. It’s not like “build quality” is going to be an issue. Either is works or it doesn’t.
Also, please remember that an SSL certificate is not the issue. An SSL certificate is much easier and much cheaper than an EV Code Signing Certificate.
Did you really miss the “ad talk” in his post?