Where can I purchase a code signing certificate? Recommended providers
Are you a developer or IT professional looking to digitally sign your code or software application, but unsure of how to acquire a digital certificate? In this blog post, we will introduce you to some of the top providers where you can buy these certificates at an affordable cost.
Please be aware that we are not affiliated with any of these vendors and aim to provide an unbiased overview of your available options.
DigiCert
DigiCert is a leading global provider of digital certificates and a trusted name in the Internet security industry. The company was founded in 2003 and is headquartered in Lehi, Utah, USA.
DigiCert has gained notoriety, particularly after acquiring Symantec's Website Security and related PKI solutions in 2017, which solidified its position as a top certificate authority worldwide.
As of May 2024, DigiCert offers both Standard (OV) and Extended Validation (EV) certificates with the following three servicing options and pricing:
Code Signing - USB Token | Code Signing - HSM | Code Signing + KeyLocker |
---|---|---|
Use your hardware token or they will ship you one with your subscription. | Use your hardware security module (HSM). | Cloud-based key storage and code signing service. |
$54 / OV certificate/month | $72 / EV certificate/month | $44 / OV certificate/month | $62 / EV certificate/month | $65 / OV certificate/month | $83 / EV certificate/month |
Yearly option subscriptions are also available
For more details, visit DigiCert's code-sign certificate section.
Sectigo (Comodo)
Sectigo, formerly known as Comodo CA, is a leading provider of digital identity solutions, including SSL/TLS certificates, digital signatures, and managed PKI solutions. It is one of the world’s largest certificate authorities, helping to secure web transactions and online communications for millions of consumers and businesses.
As of May 2024, Sectigo offers both Standard(OV) and Extended Validation(EV) certificates each in the following option:
OV Code Signing Certificate | EV Code Signing Certificate |
---|---|
Price starts from $429/year. | Price starts from $498/year. |
Up to 37% off with a multi-year subscription. | Up to 37% off with a multi-year subscription. |
No monthly options are available.
For more details, you can check this direct link to Sectigo’s code sign certificate buy section. t the time this article was written, the Comodo website is still up and running, and you can purchase certificates there. Sectigo chose to keep the old website as a sales platform to make the transition easier for buyers.
GlobalSign
GlobalSign is a highly respected and well-established provider of digital identity services, known for its wide range of digital certificate solutions and identity verification services. Founded in 1996, GlobalSign is one of the longest-standing Certificate Authorities (CAs) in the world and has developed a strong reputation for providing secure and reliable digital certificates.
As of May 2024, GlobalSign offers both Standard (OV) and Extended Validation(EV) certificates with the following 2 options and pricing:
Standard Code Signing OV | EV Code Signing Certificate | ||
---|---|---|---|
Token Implementation | HSM Implementation | Token Implementation | HSM Implementation |
- Key storage on USB token or other hardware storage token. - Token NOT included. | - Key storage on HSM or Azure Key Vault, provided by the customer. | - Key storage on USB token, provided by GlobalSign. | - Key storage on HSM or Azure Key Vault, provided by the customer. |
For more details, you can check this direct link to GlobalSign’s code-signing certificate buy section.
Conclusion
Choosing the right code-signing certificate is crucial for ensuring the security and trust of your software, whether you choose a cloud-based solution or secure hardware-based services.
Certificate Authorities like DigiCert, Sectigo, and GlobalSign offer a variety of code-signing options, catering to different needs and budgets. While cloud-based services provide flexibility and scalability, on-premises solutions give you full control. Secure hardware-based services offer robust security for critical applications.
Before deciding, consider your specific requirements, such as the level of trust needed, budget constraints, and ease of implementation. By selecting a reputable CA and the right code-signing service, you can ensure your software is secure and trusted by users and operating systems alike.