Why are code-signing (and SSL) certificates so expensive?


4

I was looking for cheap code-signing certificates, but all I saw were over $100/year. I think the same applies to SSL certificates.

I read some references to insurance coverage amounts, maybe to be paid if a "certified customer" falls in improper or criminal behaviour.

In comparison to domains, certificates are very expensive. Could someone tell me why?

Plus, why not rely on credit card ownership to demonstrate some level of credibility?

Software Web Security

asked Oct 1 '11 at 02:40
Nestor Sanchez A
690 points
  • http://codesigning.ksoftware.net/ has a $99/y certificate. – Ross 12 years ago
  • Or https://author.tucows.com/certs.php if you want $75/y code signing certificates. It requires signing up with a free Tucows account before you can see the prices. – Wyatt O'day 12 years ago
  • Just a quick note that I think this topic is better off in the Webmasters forum since it leans more towards a technical question and the people there can provide plenty of insights into the matter. Didn't down vote however because I feel the question is solid. – Theonlylos 12 years ago

3 Answers


11

The low end on code signing certificates seems to come from Comodo resellers, who offer certificates from $90 - $100. Code signing certificates are fairly specialized. There is not a large market for them. In addition, they require actual manual work to verify the information you provide when you get one. While code signing certificates can be revoked, much of the software that checks for signing does not go online to verify the signature has not been revoked, hence the need for greater security when issuing such a certificate.

SSL certificates are available for much lower prices. I have seen them go down to about $15. SSL certificates can be issued automatically, if all your company details match up. SSL certificates can be (and often are) revoked at the browser level, with new browser releases. (Check out the DigiNotar revocation in the last month.)

Domains have nothing to do with certificates. Anyone can buy a domain. Owning a domain name says nothing about the reliability of that company.

answered Oct 1 '11 at 03:52
Gary E
12,510 points

3

The issuing authority has to perform a background check and validate paperwork (company registration, photocopies of some documents, etc.), which is done manually. They have to provide a time server as well.

answered Oct 1 '11 at 03:34
Ross
2,288 points

0

You should compare the features and advantages rather than the cost of a code signing certificate. The certificate cost could be considered less than a decisive factor.

  • Which trusted certificate authority the certificate is issued from.
  • The CA follows an authentication process to confirm your business identity, which is presented in the trust dialogue.
  • The CA follows CA/B Forum guidelines when issuing a code signing certificate to the organization.
  • Digitally signing will have a positive impact on customer trust.
  • The time stamp helps keep the code signing certificate from being expired, and the software code will remain active due to the time stamp facility.

For more information -

https://casecurity.org/wp-content/uploads/2013/10/CASC-Code-Signing.pdf

https://www.ssl2buy.com/code-signing-certificate



answered Apr 8 '15 at 07:29
Jeffrey Kramer
1 point
