Getting a Code Signing Certificate

How do I get a code signing certificate?

You need to order the certificate from one of the following Certificate Authorities, whose root certificates are already included in Windows:

StartSSL

Verisign

Thawte

Comodo

GoDaddy

DigiCert

Others may also exist but those are the most common.

You can do as we tried to do five or six years ago and create your own certificate. It's free, and the reason for signing code is to say it came from you, so as long as you protect your certificate, it should be just as valid. You would then need to distribute the public certificate to your customers through your site or include it with the program zip file.

Unfortunately, our experience has shown a complete unwillingness by customers to install the certificate, so we have purchased one from StartSSL. They have the cheapest price available: $59 for two years instead of $200 for one year. What's the catch? You have to use your name instead of a company name. They won't sell company certificates to sole proprietorships.

You can also find certificates discounted considerably. The best price I found is around $83 if you want to do it with your company name. I decided two years was better and I didn't care if they showed my name. I just wanted the warning that Microsoft uses to help enrich these certificate authorities to go away.

My recommendation is to find the cheapest one that accepts time stamping, because the certificates are basically the same. StartSSL is the one that I found. Maybe you'll get luckier.
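
The self-signed route and the time stamping step described above, as an added PowerShell example that is not part of the original page. The subject name and the .cer file name are assumed placeholders, and the file to sign and the time stamping URL must be supplied by you.

```powershell
# Added example. Subject and output file name are assumed placeholders.
param(
    [Parameter(Mandatory)] [string]$FileToSign,     # program to sign, e.g. your .exe
    [Parameter(Mandatory)] [string]$TimestampUrl,   # time stamping URL from your provider
    [string]$Subject    = 'CN=Example Publisher (self-signed)',
    [string]$PublicCert = '.\ExamplePublisher.cer'
)

# 1. Create the code signing certificate. The private key is marked
#    non-exportable and stays in the current user's certificate store;
#    protecting that key is what "protect your certificate" means in practice.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(2)

# 2. Export only the public certificate. This .cer file is what customers
#    would have to install as trusted; it contains no private key.
Export-Certificate -Cert $cert -FilePath $PublicCert | Out-Null

# 3. Sign the file and request a time stamp, so the signature can still be
#    checked after the two-year certificate has expired.
Set-AuthenticodeSignature -FilePath $FileToSign -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null

# 4. Report how the signature verifies on this machine. Status is 'Valid'
#    only where the certificate chains to a trusted root, which for a
#    self-signed certificate means the .cer has been installed as trusted.
$check = Get-AuthenticodeSignature -FilePath $FileToSign
[pscustomobject]@{
    Status      = $check.Status
    Signer      = $check.SignerCertificate.Subject
    Thumbprint  = $check.SignerCertificate.Thumbprint
    Timestamped = [bool]$check.TimeStamperCertificate
}
```

With a certificate bought from one of the authorities listed above, steps 1 and 2 are replaced by the issued certificate, and steps 3 and 4 stay the same.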