This is a preview version of Cyotek's blog and may be missing functionality and/or unstable. Please visit for the current version of the blog.
If you encounter any problems using this preview site, please contact us with the details.

Posts tagged with 'authenticode'

StartSSL code signing certificates are crippled

security code signing authenticode 0 Comments

TL;DR: StartSSL code signing certificates are crippled and your binaries no longer trusted once they have expired, even if they have been counter signed.

Two years ago I purchase a code signing certificate from StartSSL which was extremely smooth - I originally documented the process in a blog post.

Read More

Creating a code signing certificate with StartSSL

security code signing authenticode 8 Comments

Edit 02Jan2017: Even if you wanted to ignore the revelations of dubious practices of StartSSL and with them now being owned by WoSign, there is another matter to consider - StartSSL authenticode certificates don't support lifetime signing. Meaning, when your certificate has expired, your signed binaries are no longer trusted, negating the point of signing them in the first place. For this reason, I don't recommend using StartSSL any further.

The process of obtaining a code signing certificate from StartSSL differs significantly from the process I originally went through with Comodo. This blog post serves to document how I did it for StartSSL, both as a reference for myself and for anyone else! Personally I find this approach easier than fiddling around exporting certificates from a browser, and it gives you a lot more control.

Read More