(Project created in C# with Visual Studio 2008. Plus an additional project in ASP.NET that wants SSL.)

I want to publish one of my applications as open-source and want to digitally sign the binaries I've created with my own certificate. (Of course, anyone else can just download the code and build it themselves with their own certificate.) I want to do this so anyone can check that this build was made by me, not by someone else. I also want to create a secure website with a valid SSL certificate so visitors can create their own accounts in a secure way so they can contribute to this project.

I could create a self-signed certificate but I don't really like that option. Or I could pay Verisign a few gold pieces to get the certificates that would be valid for just a few years. I don't like that option either, since my treasury is valuable to me.

So, are there any other options? For example, a provider that supports open-source projects by offering certificates for a reduced price? Doesn't have to be free, just a lot less expensive than Verisign...

+3  A: 

You could have a look at https://www.startssl.com/

Frozenskys
Funny. Google Chrome reports to me that startssl.com has an invalid certificate and warns me about the risks of proceeding to this site. :-) I did proceed, though. Looks okay.
Workshop Alex
If you add the Root CA cert from startssl this will go away. I believe that Firefox 3+ ships with this CA cert built in.
Frozenskys
It's always a great feeling to import Root CAs. Kinda defeats the entire purpose of having them.
Matthew Whited
+6  A: 

For open source developers, Certum provides code signing certificates for free.

Just enter "open source developer" in the "company" field when you request the certificate. That's it.

Stefan
Been to the site and can only see SSL certs, can you deep link to the code signing certs?
Frozenskys
Stefan
+4  A: 

You can also check out KSoftware; they resell Comodo code signing certs for $99/year.

Joe Kuemerle
I've used them successfully in the past. Tucows also is a reseller, and if you do a multiyear deal, I think you can get them for about 70 a year.
EricLaw -MSFT-
+3  A: 

You can try CAcert. With this you get certified by other CAcert-users. CAcert has a reputation-based system, so if you are certified often enough your certificate is counted as valid.

Mnementh
The downside with CAcert is that it's not included by default in any of the major browsers (http://wiki.cacert.org/InclusionStatus), so the typical user experience is no better than that of a self-signed cert.
Kohsuke Kawaguchi
+4  A: 

Thawte offers a free Code Signing certificate for approved open source developers. The best part about it is that this is the full version.

Check it out here: http://www.marketwire.com/press-release/Thawte-1071098.html

Charles
They say they are going to, but have they started offering them yet?
shemnon