I believe you. I also found that many CAs will not deal with a solo developer; that's real. But Sectigo continues to offer HSMs to solo developers. The link I used is [1]; you buy the HSM along with your first certificate and they ship it to you. $300/year for the cert, $90 one-time for the HSM. That's not cheap but I think for specific developers looking for an escape from the store, it's a good price for freedom. The HSM is a USB stick with an LED on the back. The software is called "SafeNet Authentication Client" and it sets up the certificate access in your Windows Certificate Store so that signtool can use it. Prompts for the password every time (annoying).

[1] https://comodosslstore.com/code-signing/comodo-individual-co...

For comparison, my code signing cert via Azure (no Microsoft store account required, can be used to self-publish binaries/installers the old-fashioned way) is $10/month, or about a third of the price Sectigo is charging you. I figured it was worth trying this route first, though I had to write my own basic tooling around it.

> it's a good price for freedom

For a freedom you didn't have to pay for at all? Why accept this absurdity?

The Sectigo HSM is just a USB stick they actually mail you, so it's not onerous.