Code signing certificate for open-source projects?
Update: No longer free, now €105.78 (as of 19 Feb 2017). The cost is less if you already own their crypto hardware. FWIW, following are the previous instructions.
The get a free code signing certificate from Certum/Unizeto for yourself as an individual, follow these steps. Use Internet Explorer or Safari, since they support the key exchange mechanism.
Browse to Test ID and OpenSource Code Signing certificates, and submit the form.
The certificate will appear under Activate Certificates. Click Activate.
Go through the activation wizard. For Organization enter Open Source Developer. For Organizational Unit, enter Software Publishing.
You'll get an email asking for proof of identity. Reply with a link to the open source project and an image of your driver's license (or another accepted document). To protect your privacy, you should encrypt the reply.* The way to encrypt varies by email client. For Outlook, ensure you have an email certificate (freely available), and turn on encryption.
Within a day or so, you should receive an email with a link to collect your certificate. You have to open the link from the same computer and browser you used to start the process.
* Although the verification email from Certum says to send the proof to [email protected]
, Certum also accepts proof sent to the reply address [email protected]
, to which you can send encrypted email.
For open source developers, Certum provides code signing certificates for free*
Just enter "open source developer" in the "company" field when you request the certificate. That's it.
Link to open source code signing certificates is here
[*] Starting 2016, the Open Source Code Signing certificate is no longer available for free. It is now a paid only service.