I have been developing a module for a client, and it's getting close to the point of installing it in their environment, and we are trying to figure out the signing of it.
I have it self-signed at the moment, but the client wants to obtain a code signing cert from a CA to sign it instead.
My question is, which type of cert is typically used for what I am talking about? I know that an EV cert allows for timestamping, so the code doesn’t “expire” with the certificate, but would that affect an already installed module? A regular cert would be better in terms of not needing to be shipped a hardware token, but the expiration may be a show stopper.
Any help is appreciated!