So I was asked to try to figure out what we would have to do to get a Code Signing certificate for our in-house software development team. Just to be clear, that team is about 4or 5 developers, writing software, databases and web sites that are primarily used by our workgroup — consisting of about 400 people — within a larger company of … well, lets just say over 10,000 employees.

The problem, of course, is that generally speaking, such a certificate is issued to a legal entity: a person or a corporation. I figured there was no harm in asking, however, whether it was possible to simply have the certificate issued to our team. I was wrong. Here is a transcript of two conversations I had over “live chat” on a couple of web pages.

Just to be clear about expectations: both of these are large companies chosen by Microsoft to be one of the Trusted Root Certificate Authorities that are included by default in XP and Vista, and had links on their web pages with a photo of a very Caucasian female with text like “Chat with a sales support rep now” and “Click for live assistance” ... so I tried Verisign:

Welcome to VeriSign you are now speaking with Tumelo Manale. How may I help you?
Tumelo Manale: Hello, from which location are you chatting from today?
Customer: Rochester, NY
Customer: I have a question about your code-signing certificates … I work for a small internal software development team at a large corporation, and we need to be able to sign code at our team level
Customer: Is there any way we can get a certificate issued to the team, as opposed to, say, an individual, or the whole corporation — which would presumably involve so many levels of red tape that I wouldn’t finish until 2020 ;-)
Tumelo Manale: I can get a agent to provide you with clarity regarding this issue?
Customer: Uhm, that would be great.
Tumelo Manale: May I please have your Name, contact number and e-mail address?
Customer: Joel Bennett, I gave him my work phone and email
Tumelo Manale: Thank you.
Tumelo Manale: An agent will contact you soon.

Well, not much luck there — and I still haven’t gotten a phone call, either. The only positive spin I can put on that experience is that (compared to the next attempt) at least Tumelo Manale’s name made it clear from the start that he was probably not a native English speaker … Next I tried Comodo (the cheapest of the four code-signing capable root certificate authorities available in Vista). (more…)