How to? - Self Signed Code Signing Certificate and Certificate Store

Hi everyone,

My Code Sign certificate is due for renewal next month.
Had a quick look and for a 3 year certificate via Setup Builder it will cost ±R14 000.00.
The last certificate 3 years ago was ±R4 000.00.
This new type of certificate seems to me like one big money grabbing scheme.

Is there a way to create my own self signed code sign certificate?
Then run a small program on my users machine and register this self signed certificate in their certificate store so it could be trusted?

Any ideas and advice would be appreciated.


Johan de Klerk

I create all the time self signed certificates for SSL and you can add them to the store. Usually I set expire 10 years. I do not know anything about code sign so maybe it is different. Check if this helps How To Create a Self-Signed SSL Certificate for Nginx in Ubuntu 20.04 | DigitalOcean

Hi Nenad,

Thanks for your reply.
However yours is for web.
The code signing certificate is for signing application files (EXE’s, etc.)

Johan de Klerk


My certificate is also expiring.

I have not been certifying my programmes for a few weeks now. So far there have been no problems.

Perhaps the hash code of the EXE and the DLLs should be enclosed ?


Hi Bernd,

You have me at a disadvantage here.
Please explain what you mean.

Johan de Klerk



cdbe9690cf2b8409facad94fac9479c9 *msvcr90.dll

There is also a validation programme:
see WIN-SFV32

Luckily, anyone who modifies the DLL won’t know how to generate MD5.

1 Like

In my opinion, there is nothing to be said against checking the most important exe/dll when starting the programme.

I agree with that, but there is a false sense of security with this exercise, and moreso when distributing both the EXE and the md5 together :).

Not saying that code signing is bulletproof either, but it’s more of a verifiable way to ensure that the source of the files was the entity that signed them. (But it’s still a racket, IMO.)

This is something done when learning or testing Code Signing.

If you Google “testing code signing with self signed certificate” you’ll find a bunch of results. Here are a few…

and many more…

The MD5 code should be stored securely (encrypted) or be retrievable via IP/REST.

Pretty sure this alternative was covered on the first day of planning the journey to designing the certificate authority infrastructure.

I think the OP wants normal Code Signing that way it can be used in all the typical ways everyone knows. Like the User can view it in Explorer, installs can be confirmed signed and AV programs can check it.