Are there paid certificates to use with purebasic TLS?

[skinkairewalker]

Are there paid certificates to use with purebasic?
So far I've only found certificates that require you to configure a domain address, I don't understand. Since self-signed certificates don't require you to configure a domain.

What would be the logic applied to these certificates, given that my server will not be exclusively web-based?

[NicTheQuick]

Certificates are always bound to a domain or a user, even the self signed ones. A certificate that belongs to nothing, just makes no sense. And a self signed certificated only makes sense if either the client uses certificate pinning or the self signed certificate is based on a CA (certificate authority) which is known to the client.
For developing reasons you can of course ignore all of that.

[NicTheQuick]

You only buy certificates if you want them to be based on a worldwide known root certificate or are certificate chain that can be followed to such a root certificate. These root certificates are usually pre-installed in all operating systems and/or browsers so they can check the validity of a domain certificate.

[Rinzwind]

What you mean, is code signing certificates. Which validates the creator of the binary. A scam nowadays. You'll need a physical certificate device to sign your binaries. Yearly renewal. No need for it. But hey, there is a market for it. Some clueless big organizations decides they want signed executables without knowing it means little.

[miso]

@Rinzwind,

It's SSL/TLS cert for secure encrypted networking.

[Rinzwind]

Signing executables has nothing to do with secure networking.

[DarkDragon]

Signing executables has nothing to do with secure networking.

Exactly, but OP wants TLS (transport layer security). So not code signing.

[tj1010]

https://learn.microsoft.com/en-us/windo ... o/signtool

I've signed sys/exe/dll/pe with MS signtool many times with no special hardware(any USB or an HSM) and just a DigiCert or GlobalSign x.509. Both drivers and userland exe and dll use the AuthentiCode API which is bound to the windows loader and Kernel->EPROCESS.

Why use one: Enterprise endpoint policies and trust-models, or even just end-user verification. I've seen it mandatory on a lot of SaaS and ActiveDirectory/LDAP/NTLM enterprise work in freelancing where group policies only allowed trusted software from store or with AuthentiCode.

Cost: $195-$500 a year depending on if EV cert or not and which CA. You want the CA that has had the least root cert leaks in proportion to the years in business. CA are a target for APT level hackers because if you have a valid signature you can bypass all security products and get kernel execution with no exploits on a fully-patched machine.

[Rinzwind]

I've signed sys/exe/dll/pe with MS signtool many times with no special hardware(any USB or an HSM) and just a DigiCert or GlobalSign x.509.

Nowadays codesigning requires a hardware key/token AND prices went up like crazy.
https://knowledge.digicert.com/general- ... ember-2022

[infratec]

We pay 200€ per year for an EV cert.