Comment by tensor
21 days ago
I really wish Microsoft made it cheaper to get a certificate. With Apple you pay $100 a year for any number of certs. Last I looked into it a cert for a single Windows app costs $400+ per year and requires a hardware token.
They greatly improved the situation over the past couple years. Azure Trusted Signing is only $10/month and provides cloud-based signing.
It's a huge pain to set up initially, but it's smooth sailing after that. There's a good tutorial at https://melatonin.dev/blog/code-signing-on-windows-with-azur...
The setup is the most insane stupid stuff I've dealt with in a while. I am currently waiting for them to agree that my DUNS number is real, and they made me remove the WHOIS privacy from my domain name to verify that my address is associated with it. The billing receipts from my host were insufficient for reasons they couldn't explain. Had to upgrade to the $30/mo and then the $100/mo support plan just to speak to someone and it's been 4 weeks without movement. But hopefully it will be worth it in the end, the EV certs are crazy expensive and don't even remove smartscreen warnings anymore.
Ugh, sorry to hear that, yeah the whole setup process is just so insanely frustrating. I'm really dreading having to re-validate my identity documents once they expire.
For what it's worth, in my experience it was even worse with EV certs though - all the same steps including removing WHOIS privacy, plus some extra ones like voice phone number validation that had to be repeated every single year.
And then there were extra WTFs with the EV cert expiration being 365 days after an issue date which is several days before you actually receive the hardware token. Or one year they sent the hardware token fairly promptly, but forget to send the password needed to use it, and it took a week to get a response from support etc. Then again, Azure Trusted Signing has similar ridiculousness with billing being based on calendar months, with no proration for your first month even if you started at the end of the month... I mean it's just $10 but it really adds insult to injury after that signup gauntlet.
Anyway, I've heard that if your Azure Trusted Signing process gets stuck in limbo, it can be best to submit a different document, but I'm not sure if there's any alternative permitted for the DUNS step. That's especially annoying because trying to update outdated info with Dun & Bradstreet is problematic in my experience, i.e. their web forms just plain did not function properly.
1 reply →
Only available to US and Canadian businesses who have more than 3 years of tax history. Weird limitation.
Nice, thanks, I'll take another look!
I really wish for people to not bend for that.