certificatevendors.html : Java Glossary

The CurrCon Java Applet displays prices on this web page converted with today’s exchange rates into your local international currency, e.g. Euros, US dollars, Canadian dollars, British Pounds, Indian Rupees… CurrCon requires an up-to-date browser and Java version 1.8, preferably 1.8.0_131. If you can’t see the prices in your local currency, Troubleshoot. Use Firefox for best results.

certificate  certificate vendors
Use these just for a ballpark. Check the websites.

I thought you would like to see the prices on this webpage in  CurrCon Applet needs Java 1.8 or later to display prices in your local currency. , but you can change that instantly, thanks to the Canadian Mind Products CurrCon Applet that you too could use on your own website to display prices in any world currency using today’s exchange rates.

Digital Certificate Vendors
Company Types of Certificate Sold. All prices are in  CurrCon Applet needs Java 1.8 or later to display prices in your local currency.
Company Types of Certificate Sold. All prices are in  CurrCon Applet needs Java 1.8 or later to display prices in your local currency.
A-trust Code signing certs. €360.00 EUR per year. SSL (Secure Sockets Layer) certs €240.00 EUR per year. Site is in German. Last revised/verified: 2011-10-31
Actalis Italian certificate authority. Website is only in Italian. SSL certs. Install roots. Last revised/verified: 2009-08-09
Affirm Trust SSL. Last revised/verified: 2011-10-31
CaCert Welsh certificate authority. Free SSL , SMIME, IM and Open Office digital signing certs. Java, Authenticode and Mozilla XPI Code Signing Certs after you acquire 100 points of trust. Install root certs. Last revised/verified: 2008-03-04 Disadvantages:
  • Browsers don’t come with the CaCert.org root certs pre-installed. That is a political problem to talk the browser makers into including them.
  • The documentation is more than usually geekish.
  • The scheme works with a web of trust, similar to PGP (Pretty Good Privacy). This requires you to engage in a time-consuming set of meetings to establish your identity by accumulating enough trust points.
Certs4Less Sell Thawte certs for $179.00 USD per year
Certum A Polish company offering over a dozen different types of certificate including code signing certificates. Code signing certificates are free for anyone involved in an open-source project. They also offer a free timestamping service to provide undeniable proof that digital data were not modified or backdated. Prices are higher than previously, but still well below the competition: e.g. $185.00 USD for a Java code-signing certificate and $95.00 USD to renew. Unfortunately, code-signing roots are not built into cacerts. Last revised/verified: 2007-04-23
Camerfirma ( not Camerafirma) Spanish. Last revised/verified: 2013-02-09 Sell SSL, code signing and many kinds of certificates I have never heard of.
Cren Institutional Certificates, e.g. entire universities. Cost is per institution based on size.
Comodo aka InstantSSL SSL certs from free to  $999.00 USD for a one year. Comodo owns the following root certificates: UserTrust Network/AddTrust, AAA Certificate Services, Secure Certificate Services and Trusted Certificate Services. These roots are present in Opera and IE (Internet Explorer). IE has Comodo-branded certificates in the Intermediate Certification Authority Section. This is the important place for Authenticode certificates. The AAA Certificate Services root certificate is present is Java’s cacerts. The usual problem with using a low cost certificate is not everyone has the root certificates pre-installed. Comodo does not appear to have that drawback. Authenticode Code Signing certificates for *.exe, *.ocx, *.dll, other *.cab files, or PAD (Portable Application Description) *.xml files are $179.00 USD for one year. Last revised/verified: 2012-12-15
DigitCert.com SSL cert  $99.00 USD per year. Last revised/verified: 2007-04-23
Ebizid SSL Cert  $39.00 USD to  $450.00 USD per year. Last revised/verified: 2007-03-23
Entrust (USA) personal email certificates(free), SSL Server(free), VPN (Virtual Private Network) [VPN] (free), SET (free). Free certs are 60-days for testing only. To use them you must first load the Entrust root authority cert into your browser. The code-signing certs appear to have been dropped. Production SSL certs for  $349.00 USD a year. Last revised/verified: 2007-03-23
Firmaprofesional SSL, code signing, many others. Site is in Spanish. Last revised/verified: 2011-10-31
GlobalSign PersonalSign Demo dual purpose S/MIME (Secure Multipurpose Internet Mail Exchange) email and SSL client certificate: €0.00 EUR /year. Opera already has the necessary root certificate installed.
PersonalSign 2 email cert  $80.00 USD /year.
PersonalSign 2 pro qualified email cert, also for digitally signing documents €70.00 EUR /year.
PersonalSign 3 pro qualified email cert, requires you to visit GlobalSign office to present your credentials. €100.00 EUR /year.
One-year ObjectSign certs can be used to code sign Java (probably just the old MS signing), JavaScript, ActiveX, VBA (Visual Basic Applications) etc. €175.00 EUR /year.
SSL or TLS (Transport Layer Security) Server $189.00 USD /year. Last revised/verified: 2007-03-23
GoDaddy SSL certificates  GoDaddy SSL certs $19.00 USD to  $90.00 USD per year. Last revised/verified: 2007-04-23
Authenticode code signing certs $200.00 CAD  per year. Last revised/verified: 2012-12-15
Ksoftware Code signing certificate. Multipurpose. Handles Java, Authenticode and many others. Affiliate of Comodo. $95.00 USD a year. This is a remarkably good price. Once you place the order, from then on Comodo handles everything. I have ordered a two year certificate. I need to check though that their root certs are preinstalled everywhere I want to use them such as Java cacerts, Excelsior Jet, Windows, Opera and other modern browsers. I have not yet found the root certificates to check, though the company assures me they are universally supported. I also read about some people having trouble using Comodo Authenticode certs to sign PAD XML (extensible Markup Language) files. The vendor says they have successfully signed PADs (Portable Application Descriptions) with them. They also offer a free document signing service with timestamping. Your general purpose certificate is good for this too. requirements. It is best to use Firefox or Chrome to apply, not Opera. Applying for a code signing certificate is quite a production. You must provide multiple proofs you or your company is who you claim. They take Visa, MasterCard, Discover, American Express and PayPal.
Let’s Encrypt Free SSL certs, but valid only for 30 days. I find this odd since it greatly increases their overhead.
SSL Shopper Sell Java code-signing certs from four different companies.
QualitySSL, née InstantSSL 128-bit SSL certificate $49.00 USD per year for Intranet SSL to  $749.00 USD per year for wildcard. Last revised/verified: 2007-04-23
TC Trust Center personal email certificates  €69.00 EUR . SSL €159.00 EUR 1 year. Mobile Java $200.00 USD 1 year. Java code signing €142.00 EUR 1 year. corporate root trusted authority certs. time stamping. Last revised/verified: 2010-08-16
TrustWave née SecureTrust née XRamp EV (extended validation) SSL certificates  $599.00 USD Last revised/verified: 2007-03-23
StartSSL free SSL certificates. Free actual certificates, not test certificates. This sounds bizarre. How do they make money? What’ the catch? Last revised/verified: 2010-03-26
Serifitseerimiskeskus SSL. Site is in Estonian. Last revised/verified: 2011-10-31
Symantec Symantec offers a timestamping service with their certificates. They offer code-signing and SSL certificates. SSL certs are $400.00 USD to $2000.00 USD per year. They have four kinds of code-signing certificates for $500.00 USD a year. Code-signing certificates use 2048-bit keys.
Thawte  Thawte Certification
(South Africa)
I like Thawte. They are friendly and co-operative.
  • Personal email S/MIME certificates(free). Use a web of trust scheme to make them more valuable that the usual free email certificate.
  • Free SSL test certificates.
  • JavaSoft Developer Certificate: These certificates can be used with Oracle’s Java version 1.3 and later to sign Applets. $199.00 USD /year.
  • Apple Developer Certificate: These certificates can be used by Apple developers. $199.00 USD /year.
  • Microsoft Authenticode (Multi-Purpose) Certificate: These certificates are used with the Microsoft InetSDK developer tools to sign ActiveX controls, .CAB, .EXE and .DLL files and other potentially harmful active content on W95, W98, Me, NT, W2K, XP, W2003, Vista, W2008, W7-32, W7-64, W8-32, W8-64, W2012, W10-32 and W10-64 Authenticode certificates only work with Microsoft IE 4.0 and later. $199.00 USD /year. You can’t use generate or sign with the certificate on Vista.
  • Netscape Code-Signing Certificate: These certificates are used to sign Java Applets, browser plug-ins and other active content on the Netscape Communicator platform. These certificates are used to sign Java Applets, browser plug-ins and other active content on the Netscape Communicator platform, i.e. in the old days of Java version 1.1 and 1.2. $199.00 USD /year.
  • VBA Developer Certificate: $199.00 USD /year. These certificates are identical to Microsoft Authenticode certificates and are used by developers to sign macros in Office 2000 and other VBA 6.0 environments.

    The thing that blocks you from interconverting Thawte certificate types is that you can’t convert Sun keytool certs to PKCS (Public-Key Cryptography Standards) #12 because keytool.exe refuses to either export or import a private key. It uses the same format for public certs. You can get around this restriction with tools from third parties e.g. BouncyCastle.org. Download one of the providers. You want to do this so you can import your full certs into other signing tools, such as Netscape jarsigner. Basically you configure a little java program called BCMain to export the certificate in PKCS12 format using the BouncyCastle JCE (Java Cryptography Extension) . That exported file contains both private and public key. From there, you can import it elsewhere e.g. with keytool.exe.

    You can use a Netscape signing certificate for The Java plug-in 1.1 and 1.2, if you use the old Netscape RSA (Rivest, Shamir and Adelman) jar signing tool. For Java version 1.3 or later, you need a separate RSA certificate. Thawte no longer make Sun DSA-style certificates. The Thawte website is ambiguous about this, saying it requires a different type of certificate, but not that it requires a totally separate application process and fee. The fault lies not with Thawte, but with Sun, since Oracle’s keytool.exe refuses to import or export private keys from the .keystore file. Happily, Thawte code-signing roots are built into cacerts..

  • SSL Server from $149.00 USD /year to  $899.00 USD
  • PGP certificates are no longer supported. Sadly, Verisign bought Thawte out in 2000-02. Thawte is a much nicer company to deal with than Verisign.
Last revised/verified: 2007-03-23
TuCows Authenticode for signing PADS and Microsoft apps. Comodo 1 year  $75.00 USD , Thawte 1 year  $160.00 USD .
Turktrust SSL 299.00 TRY , document signing. Site in Turkish and English. Last revised/verified: 2011-10-31
Verisign Symantec bought out Verisign then killed it. Verisign was the prestige company for certs. If any cert will be supported, recognised and accepted, it used to be Verisign. However, dealing with Verisign was like dealing with IRS (Internal Revenue Service) bureaucrats, very cold and businesslike. They were more set up to deal with large corporations than individual developers. Their website was well organised so you can quickly find the certificates you need and the prices.
  • personal email certificates $20.00 USD /year.
  • Javasoft Code-Signing Developer Certificate for  Java version 1.3 or later  $499.00 USD /year and  $695.00 USD for the pro version. The pro version offers rush delivery, 2 days instead or the usual 3 to 5, a 45-day free trial, and  $100,000.00 USD insurance instead of  $50,000.00 USD . They have never yet had a claim on the insurance.
  • Microsoft Authenticode $499.00 USD /year and $695.00 USD for the pro version. These certificates are used with the Microsoft InetSDK developer tools to sign ActiveX controls, .CAB, .EXE and .DLL files.
  • Visa SET.
  • 128/256-bit SSL certificate. $995.00 USD
  • Extended Verification SSL certificate. $1499.00 USD
  • Microsoft Office and VBA $499.00 USD
  • Netscape $499.00 USD
  • Macromedia Shockwave $499.00 USD
  • Marimba Castanet Channel $499.00 USD
Certificate types cannot be converted into each other, though the Java code signing cert can reputedly also be used for Microsoft Authenticode. Verisign does’nt give details on how this works. You have to buy multiple certificates if you need more than one type. Happily, Verisign code-signing roots are built into cacerts.. Last revised/verified: 2008-06-09
Verizon (USA) née Cybertrust. Java code signing certs for  $280.00 USD . Sell SSL certs for  $282.00 USD a year. EVL SSL   $800.00 USD a year. Last revised/verified: 2011-01-05

Selecting a Vendor

Some criteria to consider when buying your certificate are: I heartily recommend Thawte for four reasons:
  1. They have low prices.
  2. They have friendly, responsive staff.
  3. They are based in South Africa, less likely to be coerced into disclosing information they should not by the CIA (Central Intelligence Agency) or the US government.
  4. They are not subject US encryption export laws.
Unfortunately they have been bought out by Verisign, a much less customer-friendly company. However, I have seen no sign in deterioration in Thawte as a result.

Consider buying a 2 or 3-year certificate. It costs less per year. It takes less of your time to buy and install it and you don’t have to reissue all your signed code each year because of an expired certificate.

Why are Certificates so Expensive?

Certificates cost almost nothing to manufacture. It costs the vendor nothing extra to use a fat key size. It costs the vendor pennies to renew a certificate for another year. So why are they so expensive?

The vendor has to research and vouch that every fact attested in the certificate is indeed true. This requires human labour. Usually there are problems. Vendor staff have to email/phone back and forth with the customer to resolve them. Very few customers are technically competent in certificates. They require handholding to apply for and install them. The more facts, the more labour, the higher the cost.

Why then do the prices differ so much between vendors? If a vendor spends money on advertising, he builds a reputation. That helps him pressure browser vendors into including his root certificates. By making certificates expensive, only a rich clientele can afford them. They buy them for the same reason people buy Rolls Royces — to prove to others they are prosperous. The brand becomes associated with large wealthy customers. This gives both the brand and the customer prestige and lets the vendor charge extra, just like Rolls Royce.

This page is posted
on the web at:


Optional Replicator mirror
of mindprod.com
on local hard disk J:

Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number