Code Signing Certificates for Delphi Apps

Does anyone have any experience purchasing Code Signing Certificates for Delphi apps? I think I understand the technical process, but when I look at actually purchasing, I get more confused.

I’m looking at Code Signing Certificate Starting at $89.54/yr - The SSL Store™ Australia and there is a big difference in price between the Comodo certs (which are only OV I think) and Digicert (which are EV I think).

EV seems to be a more thorough verification process and gives you instant reputation on MS Smartscreen, but if I’m not doing drivers/hardware, maybe OV is good enough? I’d be using it for installers and the apps themselves. Comodo also seems to cover MacOS signing, but Digicert is less clear.

Anyone been through all this?


I decided an OV was sufficient for my needs and bought my certificate from KSoftware.

This is for a Windows only app. I did the signing in FinalBuilder. It is a bit fiddly with timestamping which makes FB ideal to use. There is a blog about if I remember correctly. There is also a discussion about this in the Mail Archive.

1 Like

Hi Malcom,

Big price difference.

Some antivirus systems didn’t trust non EV certs which can cause some issues. This can be a problem for unattended updaters etc.

Still there’s no guarantees with EV but you get better coverage in terms of antivirus security applications

1 Like

I’ll add a vote for KSoftware as well:

I’ve used them for an initial code signing certificate and also a renewal - they’re just reselling the Comodo service if I recall correctly. Comodo were a bit difficult about the initial code signing certificate, but I contacted KSoftware and they got the ball rolling quickly after that.

At the time I renewed at least, KSoftware was the cheapest option. The page that you’ve linked to is deceptive with the page title - it doesn’t offer Code signing certificates for anything less than AU$112 per year and I suspect that’s not including GST as well.

1 Like

Yeah, I noticed you had to sign up to many years to get anywhere near that price.

Sounds like KSoftware it is then. Thanks guys

Also, Apple appear to have changed the rules (what a surprise) and don’t accept 3rd party certs anymore. So I guess it’ll be KSoftware AND Apple :slightly_frowning_face:

Very good support from KSoftware – over many years now! - Glenn

1 Like

I’ve used KSoftware for several years as well.
Have always had good service from them.

Lex EdmondsMicrotax Pty Ltd

1 Like

So for those who have used KSoftware, did you go for OV or EV certs?


OV seemed suitable for me. I thought that EV was more for driver related software that was run at a deeper level in the OS.

1 Like

I went for OV a few years ago, as that seemed to be all I needed.
However, Microsoft has tightened up a lot this year it seems, making downloads much more problematical.
It’s become a real pain under Windows 10.

So I have started to look at the possibility of upgrading to EV.


1 Like

What sort of issues have you found? Is it related to specific Windows 10 editions?

Non of my customers have reported any issues.

I sign my installs with the simpler (er cheaper) OV certificate from KSoftware.

Apart from showing the certificate in the properties of the file I have not really noticed any improvement in negotiating the warnings and quarantining etc from Windows/ AV/Browsers when a user does the download/install. I still get the unknown publisher warning,

Is this because the setup also needs signing, not just the contents?

I notice KSoftware has some info about building up your MS reputation if you go with an OV cert What is this "FILE is not commonly downloaded and could harm your computer" message? (SmartScreen) : K Software


Interesting, but sounds like too much work to me.


I’ve used KSoftware OV certificates for many years… although recently I had a LOT of trouble getting a new certificate (not the fault of KSoftware though).

KSoftware resell Sectigo certificates - and part purchasiing a certificate is proving identity - they basically use the D&B company database to lookup your phone number and call it. I closed our office last years so the number no longer existed - this caused a lot of issues - getting D&B to update your details in Australia is practically impossible (unlike for US companies) - and Sectigo were very inflexible when it came to how they will verify identity. I eventually somehow managed to get our D&B entry updated after 2 weeks of emailing and calling every contact I could find for them - the new cert arrived the day before our old one expired :worried:

As for EV certificates - that’s another world of hurt (and :moneybag: :moneybag: :moneybag:). Microsoft requires EV certs for device drivers etc…

Firstly the key is issued on a physical usb key - which is a major pain if your build server is in a data center in another city - and ours being in a shared cage I’m not keen to have it plugged into the server for other dc customers to find (mine is a digicert one with a bright blue led on the back that lights up my home office at night!). If you are using a cloud platform then you can’t just buy a physical cert and ship it to them - they do have some certificate features but most were not very windows friendly when I looked (a while ago now).

Then there’s the issue with getting virtual machines to see the physical device - Hyper-V server is not great with this.

And then we get to automation. EV keys are designed for User Interaction - they actually want you to type a password in each time they are used. They each have their own client software that needs to be installed - the most common one being SafeNet.

If your build runs under a service, you are sh1t out of luck. If your build runs from the desktop (ie running the FinalBuilder IDE) you can get it to work - however you will have to enter the password at least once in the client software.

I would just stick with an OV certificate if you can (that’s what we are currently using) and avoid the pain of EV’s

I agree with Vincent about the difficulty of proving my identity to Sertigo this year.
I eventually managed to get a Yellow Pages listing, and thankfully Sertigo accepted it.


I went for an OV in the end. We’re at the verifying phone numbers stage so let’s see what happens.

Thanks all

1 Like

Good luck. Takes a few weeks from memory unless you are lucky.

I used Comodo and then k-software as well. Had a look around and $80/year seemed the cheapest (this was 3.5years ago). I used to sign with SHA-1 and SHA-256 but lately only the SHA-256. I think it is necessary to find a timestamp to sign the files - I used one in Hawaii.

Also, found that is a great website to check any program/app. Usually virus scanners flag any new app until you add the app name to their list.

1 Like