myBlog myBlog Home

Back to Blog MTNCOMP


Godaddy Code Signing Certificates, need time stamp

Published: Tuesday, June 12, 2018 written by Drew Jackson



Godaddy Code Signing Certificates, need time stamp

June 12, 2018

For the past 2 weeks I have been trying to work with code signing the GoGreen PC TuneUp™ software and utility so that the software is trusted during installation and download detection by Microsoft operating systems, browsers, and antivirus programs.

 

The odd thing is that there are two versions of a certificate to code sign. The Basic / Standard or EV (extended verification) versions of a code signing certificate. The standard one is less expensive than the advanced EV edition. Instead of $500 for an EV edition, the $200 edition for 1 year. The EV is about 2-3 times more expensive and slow to order, slow to process, yet once received works with with immediate reputation on the operating systems and antivirus programs.

 

So why is the Standard not fully trusted and requires lots of installations and overrides to get it trusted?

 

Could it be the time stamp switch being included or not during the code signing? probably.

 

It also basically comes down to money and vendor profiteering. There are non-profit was for open source code signing, but not for profit ways.

 

As a side note, time stamping was not stressed enough in any of the documentation of a basic code signing process. I realize now time stamping is vital in part to be trusted.

 

More to come.


if you found this article helpful, consider contributing $10, 20 or so..to the author. more authors coming soon
FYI we use paypal or patreon, patreon has 3x the transaction fees, so we don't, not yet.

© 2019 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.