Share via

SSL eSigner Cloud Signing Service

rshields 1 Reputation point
2022-08-09T18:06:22.007+00:00

Has anyone purchased an EV code signing certificate from ssl.com for signing kernel drivers and then found the ssl started billing them for a eSigner Cloud Signing Service that they did not request?

I mean I am not the only one.

esigner-cloud-signing-ssl-com-certificate

Microsoft say that ssl are an option for purchasing EV certificates.

code-signing-cert-manage

Our account looks like.229656-ssl.png

We paid for the two certificates at the bottom that we ordered however we never requested purchase of the eSigner Cloud Signing, which we are being billed monthly for.

It seems like a scam should Microsoft be advertising companies like this?

Windows for business | Windows Client for IT Pros | Devices and deployment | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SSL.COM Team 1 Reputation point
    2022-08-11T19:12:43.537+00:00

    Hello rshieelds-1259,

    Thank you for using SSL.com, and we will do our best to make things right for you. When submitting information during the registration process, there was a checked box that requested issuance of an EV certificate on the eSigner cloud signing service. It allows for team sharing of certificates, automation of the signing process and can be used anywhere with an internet connection, not devices or dongles needed.

    Since you mentioned that you have a kernel mode driver to sign, Microsoft has some limitations that prevent the Yubikey from being used for this purpose. For kernel mode signing, Microsoft currently does not support ECDSA and anything less 3072-bit RSA.

    Although we provide FIPS Yubikey tokens due to their support of attestation certificates used for renewals or rekeys (thus saving you from having to buy new USB tokens), FIPS Yubikey tokens, unfortunately, are unable to support RSA 3072 or RSA 4096. If the eSigner service is not something you want to continue to use, we can offer as an alternative to eSigner, either a SafeNet token, or we currently offer an organizational validated certificate signing (OVCS) pfx for download that can be used for kernel mode signing. Please note that pfx file issuances will go away by the end of the year as the CA/B forum will be requiring tokens for all code signing certs.

    There's a lot going on with what I provided above, and I understand you just want to sign and go and not get charged a whole lot of money for it.

    After talking with billing, they have agreed to credit you the esigner charges that you can apply towards a Safenet token shipped to anywhere you like. Or if you prefer, we can also refund the eSigner charges and provide you with an OVCS pfx file for download at no cost.

    I do hope this set things right, and if you have any other questions, feel free to contact us at billing@rithansodo .com

    Sincerely,

    SSL.com

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.