Where can I get a free code signing certificate for signing my applications? Ascertia used to give them out for free but apparently they don't anymore. Mine just expired and I'm looking to get another one? Any ideas?
Asked
Active
Viewed 1.9k times
22
-
what kind of code signing? GPG type of signing? what are you signing your code for? are you talking about signing releases? – dharga Sep 27 '09 at 00:29
-
1I'm talking about a PFX one that I can sign programs made for Windows using VB.NET and C#. Release signs, yes! – Icemanind Sep 27 '09 at 00:30
-
Do you need it for ClickOnce or just for a Strong Name? If you create a strong naming key with a password it will be created as a PFX instead of SNK. – Matthew Whited Sep 28 '09 at 15:05
-
I just need a strong name. When a person installed my program and tries to execute it, vista comes up with some warning box. It goes away if I sign my program. I don't need ClickOnce though. – Icemanind Sep 29 '09 at 21:35
-
OpenSSL - [http://www.openssl.org/](http://www.openssl.org/). Is this what you are looking for? – Tone Sep 27 '09 at 00:43
-
1Code-signing is completely unrelated to SSL certificates. – iCollect.it Ltd Oct 28 '14 at 16:50
3 Answers
26
It looks like you're looking for a code signing certificate to sign your ClickOnce deployed programs. Use makecert.exe. Since you'll be making an untrusted certificate anyways, put the validity date out 50 years and you won't have to worry about expiring certificates. Also, make sure you include the -pe switch so you can export it out of the certificate store (this creates the .pfx file you're looking for). Include the -r switch because you're self-signing it. So, your command should look something like this:
makecert -r -pe -n "CN=Your Company" -b 01/01/2009 -e 01/01/2050 -ss my
Then, go into Certificate Services:
- Run
- "mmc"
- Add/Remove Snap-in
- Double click "Certificates"
- OK, OK
Your new certificate should be sitting in the Personal folder. Right click it -> All Tasks -> Export. Make sure to export it WITH the private key. That should give you your .pfx file. Save that in a safe place (off your computer). You don't want to be resigning your applications all the time. There's a bug in VS2005 that is proliferated by resigning your apps.
If you're talking about obtaining a trusted certificate, I am not aware of any root CA's that give them out for free.
James Jones
- 8,653
- 6
- 34
- 46
-
Works sweet! And if you use "signtool.exe signwizard" you don't even need to do the mmc steps, thw wizard will pull in from the My cert store. – Ken H Nov 16 '09 at 19:56
-
2
-
A certificate is necessary in order to complete the ClickOnce publish process. – James Jones Sep 24 '12 at 20:37
-
6
-
3FYI this is now depreciated and MS now recommend you use this tool https://technet.microsoft.com/itpro/powershell/windows/pkiclient/new-selfsignedcertificate – rollsch May 24 '17 at 23:38
-
@PaulLassiter yes but for POC of signing and local dev you don't want to use your proper signing cert. Proper practice the certificate should be on your build machine away from exposure from all dev machines to lower compromise surface area. – Shiv Jul 20 '21 at 01:44
-
5
Take a look at this question and its answers as it references many CAs that will give free certificates. Though the question is specific to open source projects, I think that some of the CAs don't place this restriction on the certificates they issue.
Community
- 1
- 1
Steve Guidi
- 19,700
- 9
- 74
- 90
5
Ascertia worked for me
Ascertia Give you trail for 30 days, you will get .pfx file after registration
Used signtool process to register
signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f "MyCert.pfx" /p MyPassword /d SignedFile.exe SignedFile.exe
Salahudin
- 96
- 1
- 3
-
Although this may answer the questions, you may wan't to provide some extra details and explain the answer. In it's current state this answer is low-quality. – Rolf ツ Dec 15 '17 at 08:45
-