Digital Certificate Footprint

In today’s digital market trust is imperative. The need to protect your identity from Identity theft and hackers is critical. With software vendors there’s no exception and in fact may be more important because a vendor’s software has the potential to infect millions of user PC’s.

Code Signing Certificates

Code signing certificates prove to the end-user that the software they are and installing belongs to who they think it belongs to and that it wasn't tampered with. It allows the software publisher to digitally sign their code to prove to end-users that it has not been modified by a third party. Unfortunately, even those honorable small business software developers are affected by common criminals. A small vendor may not have the funds for purchasing digital code signing certificates and not doing so, puts them in an environment that appears to be negative. You know, those big yellow warnings when you try to install something. These warnings give no assurance to the user that the software developer is in fact the publisher of the software downloaded.

Not all software developer who develop software and don’t purchase code signing certificates are bad. Sometimes it’s just easier and faster to just deliver the software without signing, although it may not be the smartest way of doing business in today’s cybercrime environment.

The Process

Getting a code signing certificate is a verifiable process. Let’s take Comodo Certificate Authority for instance. The vendor fills out a form that asked for certain information such as the vendor’s business name. Comodo first make sure that the business is a real legitimate business by that name. It goes into the government public directories and searches for that business name. Of course, that business name also gives the address to verify that this is in fact the location specified on the application and the business registration.

After the business information has been verified. Comodo contacts the vendor or the vendor contacts Comodo? Now, that said we need to go to the frustrating part of getting a code signing certificate. Although Comodo is now rated at number one, getting a code signing certificate can be extremely frustrating for a small business. For example, the application has an area that you can put in your Dun & Bradstreet number so that they can verify your business information. Also there's an area if you do not have a Dun & Bradstreet number two place your DBA name.

Now, here's the interesting part, even after you submit all the needed information to Comodo.  Comodo still looks for a Dun & Bradstreet number; doesn't make sense to me if you don't have one. Not all small businesses have a Dun & Bradstreet number. Still, even if you send them a link to the county public or City search website for public records and they find your DBA, your certificate will still not be approved because most DBAs do not have your phone number attached to it.

A quick call to Comodo may remedy some of the situation and relieve most of the frustrations. For example, Comodo requires your contact information be in a public directory service such as www.zoominfo.com, www.bbb.org, www.zoominfo.com or www.buzzfile.com. Usually small businesses are busy developing software and maintaining their local website. They usually don't concentrate on public directory services just to have a listing.

Anyway, after you go ahead and list yourself with one of these directory services. You will have to wait even more time because these directory services do not instantly list your business. D & B can take up to 30 days to list your business and if you want faster service, this can cost you $499.00. Once your listing becomes active, you can send the link to Comodo to move forward in the process.

I would recommend that you make sure your business is listed with let’s say the BBB and your listing is correct (Business name, Address, Phone, eMail, established authorized representative, domain is owned by the organization, etc.) before you submit for a code signing certificate. This will help to ease the process and remove the Comodo frustration.

Final process

When the final process knocks on your door. You'll be joyful to finally be able to see the light at the end of the tunnel. You'll have to complete a telephone verification and some other little things. Seemingly, the telephone number is extremely important and that's how they also verify your contact information. This telephone number is something that they gather themselves and don't really ask you for it.

Lastly, you get a successful completion letter and able to pick up your code signing certificate. Now, picking it up could be tricky as well because you have to use a certain browser to get it for example; IE 8+ on Windows. The system actually installs the certificate in the browser but the instructions were a little unclear. For instance, you didn't really know if your private key came with a password or you could make your own.

After you've worked out those simple little difficulties; yes you can create your own passphrase. The rest was simple because your code signing certificate is now in your possession.

Relief

Finally, after the whole process is well and done you are certainly relieved. Getting a code signing certificate from Comodo could most definitely be a trying process if you're a small business just starting out. However, there is one good thing to say about all of the headache that you go through in getting the certificate. They surely do their checking and you can rest assure that those who have signed their certificate from Comodo have been surely checked out.

The Proof is in the pudding

So now that you have your Code Signing Certificate what’s in it for you and your customers? Code Signing is a great was for software developers to add a layer of security that will assure the user that your software can be trusted. Code Signing Certificate verifies the publisher's identity and creates trust because the content authenticity is maintained and the software is protected from tampering.

Customer confidence is inspired in software downloads and software use.  Lastly it protects the integrity of software publisher all with this little visual cue; the Windows User Account Control.

How can you get a Code Signing Certificate?

There are many places you can go to get your Code Signing Certificate from. However, we recommend Comodo. Comodo is one of the World's leading Global Certification Authorities (CAs), provides the highest standard and affordable SSL certificates available.  Comodo really checks on companies that want to receive a Code Signing Certificate, but still can offer a cheaper in cost Code Signing Certificate then most all CA’s. At the time of this writing you could get one for $59.00 a year for 3 years.

Published by JAMES STATOM

Leave a Reply