Code signing certificate for open-source projects?


I want to publish one of my applications as open-source and want to digitally sign the binaries I've created with my own certificate. (Of course, anyone else can just download the code and build it themselves with their own certificate.) I want to do this so anyone can check that this build was made by me, not by someone else. I also want to create a secure website with a valid SSL certificate so visitors can create their own accounts in a secure way so they can contribute to this project.

I could create a self-signed certificate, but I don't really like that option. Or I could pay Verisign a few gold pieces to get the certificates that would be valid for just a few years. I don't like that option either, since my treasury is valuable to me.

So, are there any other options? For example, a provider that supports open-source projects by offering certificates for a reduced price? It doesn't have to be free, just a lot less expensive than Verisign…

(The Project is created in C# with Visual Studio 2008. Plus an additional project in ASP.NET that wants SSL.)

Best Solution

For open source developers, Certum provides code signing certificates for free*

Just enter "open source developer" in the "company" field when you request the certificate. That's it.

Link to open source code signing certificates is here

[*] Starting 2016, the Open Source Code Signing certificate is no longer available for free. It is now a paid only service.

Related Question