VeriSign As a Monopoly

Question

So we have to purchase a code-signing certificate from VeriSign in order to open an account with Microsoft.  I did that a week ago.  I heard that it would take them 2 business days to process a request.  I waited for 3 days.  Eventually, I was forced to contact them.  Finally, they replied.  They said they couldn't confirm my phone use and requested a notarized letter.  I was shocked.  Oh, well...  I spent about $150 just to get a letter.  And I'm not very happy with these people.  They seem to ignore my questions.  I wish we were allowed to use a code-signing certificate from other authorities.  It's a tying contract, which is against the Clayton Act.  Whether you like VeriSign or not, you must buy a certificate from them in order to have business with Microsoft.  VeriSign is a monopoly in this case because they can charge any price.  In fact, the price was listed as $495 or something till the beginning of August somewhere at Microsoft's web site.  I was totally apalled.  A certificate for $495?  But what can I say?  VeriSign is a monopoly.  Take it or leave.  If VeriSign doesn't sell you a certificate, you will never be able to sell your software products at Microsoft's Windows Store.  What a wondeful life...

I actually sell about 3 dozen applications at Apple's Mac App Store.  I never realized how generous Apple, Inc. is.  If you pay just $99, you'll get everything.  Apple, Inc. acts as a certificate authority.  So a code-signing certificate is included in the package.  You can issue as many as two certificates.  And you can trash one to create another at any time and  easily.  You don't have to go through VeriSign.  You can actually use other code-signing certificates.  By the way, you get OS and Xcode for free, too.  There are no hidden costs.  Here, you can't even list your applications until you buy Windows 8 unless you have a MSDN membership or whatever, which costs what?  If you want to join Windows Store, you have to make separate payments each to VeriSign and Microsoft.  If they don't sell you a certificate, your life is pretty over, right?  So don't piss them off?  Oh, boy, how much money have I spent so far?  I don't like what I am doing.

Answer 1

I'm sorry, I'm new here (but I've registered and am in the process of publishing an app). Can you please explain why it's necessary to get a code-signing certificate from VeriSign in order to do business with Microsoft? You don't need to sign your assemblies in order to publish them in Windows Store as far as I know?

Answer 2

Are you saying that you are able to open a Microsoft account without a buying a certificate from VeriSign?  What do they say here?

Answer 3

I registered a couple of years ago for Windows Phone 7.5 development but haven't been very active. I think I might have signed up as an individual and not a corporation (I run a sole prop.) hence avoiding this requirement. Now that I've read the link you provided it kind of scares me as well. Would like to hear some input form Microsoft here.

Can't other certificate providers than VeriSign be used?

Answer 4

I see.

No, you have to buy a certificate solely from VeriSign.  Some people have complain about that here.  Still, we've received no word from them.  It's Day 10 or something since I first applied for a certificate, paying some $99.  It's totally a stupid idea to go through a third party (VeriSign) when in fact you just want to open an account with Microsoft.  Imagine assembling an automobile with 1,000 parts.  If just one of them is short, the entire line will stop.

I am seriously thinking about switching to iPad software development.  I don't want to have anything to do with Microsoft or Symantec.  I now know what kind of companies Symantec and VeriSign are.

I'm not really advertising Apple's Mac App Store.  Nevertheless, although they have their own problems, by and large, Mac App Store is way easier to deal with.  Why?  There are not 1,000 parts suppliers.  You only deal with Apple, Inc.

Answer 5

Comodo sells Microsoft Authenticode certificates. http://www.instantssl.com/code-signing/

Can someone from Microsoft confirm or deny that these certificates will work?

Answer 6

I just got a Windows Store Company Account. I did not need to purchase a VeriSign certificate. All I needed to do was to confirm my ID (which is done through Symantec and did not cost me anything) and provide my tax information (IRS form W9) and pay the $99 to Microsoft. Windows Store accounts can publish WinRT apps (which work in Windows 8 Metro [x86/x64] and also Windows Surface [ARM]) and Windows 8 desktop apps (non-Metro [x86/x64]. Based on the info path at the top of the web site followed from the link in the thread above, it apears that a VeriSign ID may be required ONLY for non-Metro desktop apps.

So if your publishing focus is portable apps like on iPad then you want to publish on Microsoft Surface (using Windows RT) then it doesn't look like you need a VeriSign ID at all. And since Windowd 8 also supports Windows RT, your Windows Surface app can also be published for Windows 8 users as a Metro style app rather than a normal Windows desktop app.

FWIW,

Mark Means