certificate, code-signing, code-signing-certificate

Is there still a possibility for free code signing certificates in 2018?


So I'm working on a project that will be open-sourced later.
But when I release my executables with my project, I don't want each user to get a message that my app is from an unidentified developer.

I also don't have the money (I'm 13, so I don't even have a credit card😂) to buy such a code signing certificate.

And I know that there are a few similar questions about this, but the best question I found was this one.
And it was asked more than 9 years ago!

So what I'm basically asking is: "Is it still possible in 2018 to get a free open source code signing certificate?"


Solution

  • The most basic way would be to generate a certificate yourself and sign with that, which is known as self-signing. In order for your self-generated certificate to be widely trusted, you would have to somehow get it to be signed by some well-known entity. You might try lurking around your local open source festivals/meetups and try and meet respected people and get them to sign your keys and whatnot. This, as you might imagine, is a large investment of time, but it might be worth it in more ways than one.

    Or you can get a certificate authority to generate and sign the cert for you, colloquially known as buying the certificate. This usually costs a lot, but is very quick and easy.

    There is one other option I know of, and that is CAcert. This is a community-driven free CA, wherein you get rated by other users instead of being verified centrally.

    It might be slightly more hassle to the end-user than the expensive certs, and you may have to add CAcert as a trusted authority on the target system. But it's still a lot less than self-signing.
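To make the self-signing trade-off above concrete, here is an added example (not part of the original answer) that self-signs a file and shows that a valid signature and a trusted signer are separate checks. It assumes OpenSSL 1.1.1 or later on the PATH; the subject name and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: subject name and file names are constructed.
# Prints three words: signature check, trust against the system default
# store, and trust once the certificate is supplied as an anchor.
selfsign_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1

        # Self-signed certificate marked for code signing (no CA involved).
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Dev (constructed)" \
            -addext "extendedKeyUsage=codeSigning" \
            -keyout key.pem -out cert.pem 2>/dev/null || exit 1

        printf 'stand-in for a release binary\n' > app.bin

        # Sign the file, then check the signature with the public key
        # taken from the certificate.
        openssl dgst -sha256 -sign key.pem -out app.sig app.bin || exit 1
        openssl x509 -in cert.pem -pubkey -noout > pub.pem || exit 1
        if openssl dgst -sha256 -verify pub.pem -signature app.sig app.bin \
            >/dev/null 2>&1
        then sig=sig-valid; else sig=sig-invalid; fi

        # Trust is a separate question: does the certificate chain to an
        # anchor the verifier already holds?
        if openssl verify cert.pem >/dev/null 2>&1
        then before=trusted; else before=untrusted; fi

        # Same check after the user explicitly adds the certificate as a
        # trust anchor (the manual step self-signing pushes onto users).
        if openssl verify -CAfile cert.pem cert.pem >/dev/null 2>&1
        then after=trusted; else after=untrusted; fi

        echo "$sig $before $after"
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

selfsign_demo
```

The signature verifies in both cases; only the trust result changes, which is why a self-signed release still triggers an unidentified-developer warning until the user installs the certificate or its issuing CA.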