Are there any issues migrating to non-Verisign code signing certificate after verisign cert expires?
Posted on 2010-01-08
My multi-year Verisign code signing cert expired, so we have to renew it. Verisign wants $499 for one year, I can get a Comodo code signing cert for $99. Financially, this is a no-brainer.
However, way back when I remember there was issue with installshield and creating vista distributions that the code signing cert had to be issued by verisign, so I am concerned that that there may be some compatibility issues that might make it better in long run to pay the extra $400.
1. For code already running at end-users that was signed with the old cert before it expired, will those executables be affected in any way if we don't renew with verisign? Will they still be able to install code on new machines that we digitally signed months and years ago using the old cert?
2. Will my app have problems installing on unpatched vista, Win7, Win2k3/8 O/S, or does Verisign still have some monopoly in the MSFT core that prevents any other non-verisign signed app to run unless system is patched/updated?
3. Anything else I need to know, like will the signcode.exe or any other MSDN utility have issues I need to be aware of.
Thanks. P.S. i am not married to Comodo as a code signing cert authority, I just don't want to throw money away on verisign's cert if I can effectively get the same thing for a fraction of the cost elsewhere. Suggestions on another