Code signing certificates

7 comments, last by Alberth 6 years, 11 months ago

Any recommendations on where to obtain a code signing certificate meeting the following requirements:

  • No more than $100 / year.
  • It needs to be for an individual, not a company. I'm based in the UK, if that matters.
  • No ridiculous verification processes. e.g. As an independent developer, I don't have a landline and I don't want to offer phone support. When I looked into using Comodo last year, they were requiring me to get a landline and advertise it both in an online directory and in the certificate itself.

Last year I ended up going with StartCom, but that certificate is now expiring and unfortunately, they don't seem to be considered very reputable these days.

Getting a certificate seems to have become a ridiculously expensive and complicated process for legitimate small developers. Ironically, if I was some dodgy malware producer, I could buy a stolen certificate for a fraction of the expense and effort...


You don't need a certificate. Just post a hashed checksum with your source tarball and make your public key available. It comes to the same thing as a cert but without the expensive middle-men.

Stephen M. Webb
Professional Free Software Developer

You don't need a certificate. Just post a hashed checksum with your source tarball and make your public key available. It comes to the same thing as a cert but without the expensive middle-men.

That's only the same thing if your audience is technical linux users. For non-technical Windows users, the goal of signing is to make as many protectionware "are you sure you want to run an exe?" dialogues go away as possible.

There are also big security differences. In theory with signing, the chain of trust goes you, your OS distributor (which includes your ISP if you downloaded your OS), then the certificate authorities, then the software author. With the ad hoc method, the chain goes you, your ISP, the software author's web host, the software author. In cases where you don't trust your internet connection and you use physically delivered OS images, the first is secure while the second isn't.

I work in the CA industry and can tell you now you will struggle to find a Code Signing Certificate at that price. Due to new regulations, all CAs are required to put the certificate and keys in a hardware token such as a USB token, which has driven the cost up for many. I recommend GlobalSign as they are the best for vetting and you will get your certificate quickly and efficiently (assuming you have given them all the correct information), alongside great support if you need it...(which is very likely with code signing!)

Natasha, thanks for the recommendation, but GlobalSign is probably out of my budget and it doesn't look like they offer certificates for individuals in any case.

Sadly, it's looking like Windows is no longer viable for small time developers. Mobile is my main market now, but I started on Windows and have kept a small but loyal fanbase for nearly 20 years.

Microsoft really seems to be doing their best to discourage independent developers with all the over-the-top security warnings, and I'm not even convinced it's done anything for safety. Half the users are scared to authorize anything, and the rest just blindly click through every warning regardless.

It doesn't stop being viable, it just means you get a warning when you run the installer.

There is an invisible file attribute flagging the file as downloaded from the Internet or untrusted network. It is fine for that to be on your program's installer, people are used to warnings when installing. The installer will deploy files, and those won't be marked as untrusted. No signature required for them.
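As an added example (not code from anyone in this thread), here is what a Windows user can check locally on a downloaded installer, covering both routes discussed above: the ad hoc "post a checksum" approach from the earlier reply, and the downloaded-from-the-Internet attribute described in this post, plus the Authenticode status that Windows actually acts on. The installer path and the published checksum are placeholders you substitute.

```powershell
# Added example (not from the thread): local checks on a downloaded installer.
# $Installer and $PublishedSha256 are assumptions: the downloaded file and the
# SHA-256 value the author posted alongside it.
$Installer = '.\MyGame-Setup.exe'
$PublishedSha256 = 'PASTE-THE-PUBLISHED-SHA256-HERE'

# 1. The ad hoc method: compare the file's SHA-256 with the published value.
#    -eq on strings is case-insensitive in PowerShell, so hex case does not matter.
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -eq $PublishedSha256) {
    Write-Host "Checksum matches the published value."
} else {
    Write-Warning "Checksum mismatch: got $actual"
}

# 2. The "invisible file attribute": the Zone.Identifier alternate data stream
#    (the Mark of the Web). ZoneId=3 means Internet zone; this is what makes
#    Windows prompt about an unsigned installer. It lives on NTFS only.
$motw = Get-Content -Path $Installer -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($motw) {
    Write-Host "Mark of the Web present:"
    $motw | ForEach-Object { Write-Host "  $_" }   # e.g. [ZoneTransfer] then ZoneId=3
} else {
    Write-Host "No Zone.Identifier stream; the file is not marked as downloaded."
}

# 3. The Authenticode route the thread is about: does the file carry a signature
#    that chains to a CA the machine trusts? Status is Valid, NotSigned,
#    UnknownError (untrusted chain), HashMismatch, and so on.
$sig = Get-AuthenticodeSignature -FilePath $Installer
Write-Host ("Signature status: {0}" -f $sig.Status)
if ($sig.SignerCertificate) {
    Write-Host ("Signer: {0}" -f $sig.SignerCertificate.Subject)
}

# Only after the checksum or signature checks out, remove the mark so the
# installer runs without the zone prompt. This deletes the Zone.Identifier stream.
# Unblock-File -Path $Installer
```

The checksum step only proves the file matches what the author's web page says; if the same host serves both the download and the checksum, an attacker who controls it controls both, which is the chain-of-trust point made in the earlier reply. The Authenticode status is the check Windows itself performs before deciding whether to show the unknown-publisher warning.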

I have tried publishing without a coding certificate in the past, but many of my users aren't especially tech literate. I don't object to Microsoft giving a warning that the program's author can't be verified, but the language used is so overly alarming that many mistake it for a statement that they're installing a virus. Believe me, I've had the emails...

I've never understood why Microsoft can't just allow coding certificates to be linked to the developer's website instead of their business/personal name. It would make verification a doddle, remove the need for certification companies and be virtually cost free.

Sadly, it's looking like Windows is no longer viable for small time developers. Mobile is my main market now, but I started on Windows and have kept a small but loyal fanbase for nearly 20 years.

Microsoft really seems to be doing their best to discourage independent developers with all the over-the-top security warnings, and I'm not even convinced it's done anything for safety.

Largely it has done nothing for security as far as the end user is concerned. It has done zero from a developer's standpoint that I have seen. I am gradually trying to move my code to Linux, but that has its own problems, like piss-poor webcam support for anything other than literally viewing the webcam. I need full PTZ and real-time decoding to RGB buffers, but that is such a small niche market they disregard it.

move my code to Linux, but that has its own problems, like piss-poor webcam support for anything other than literally viewing the webcam. I need full PTZ and real-time decoding to RGB buffers, but that is such a small niche market they disregard it.

The good thing about Linux is that people build everything. Have you considered looking into robotics software? Those devices typically use some video device and do real-time analysis of the images.

This topic is closed to new replies.
