I created a huge rant on code signing certificates here:

https://www.youtube.com/watch?v=mwuk0E-tfeg

It's a nightmare. Complete scam.

I needed this for Polar: https://getpolarized.io/

Mind you... it's Open Source but I still want my users to be able to download it without warnings.

No joke - it took me 2 weeks to get the CSC with about 4 hours per day working on just this CSC issue.

It's just a labyrinth of insanity from not having a listing on D&B to them insisting I pay $2k to expedite it.

I still don't have one from Apple because it requires a D&B number so I had to get a personal cert from them.

I went with a cheap one for Windows BUT it gives errors on install for like the first 1k downloads until Windows says it's legit.

It's a complete scam.

BTW.. if you get in the MS App Store you don't have to worry about a CSC so that's good I guess.



For those that don't know, D&B stands for Dun & Bradstreet (https://www.dnb.com/). They have this concept of a D-U-N-S Number which basically means information about your business is in their database.

Last I checked expedited D&B was around $40 USD (10 business days) and same-day D&B around $500 USD.

Free D&B said it would take 30 business days, but it actually only took them 5 business days when I applied for it.


Apple has a tool where you can look up your DUNS number directly for free.

https://developer.apple.com/support/D-U-N-S/


If you sell software to the government, having a DUNS number is actually a requirement, too. At least to get listed on SAM.gov. You also need a CAGE number. I don't remember it taking me too long to get a DUNS number - and you can definitely avoid paying them any money.


There is also the issue that an EV cert has to live on a USB dongle and be "logged into" with some utility before being available for signing. Logging out the current user or even allowing the screen to sleep will lock the cert again. So, for automating signed builds, the only option is to leave the machine logged in and unlocked at all times, clearly obviating much of the "security" gained from all those restrictions.


I solved this fairly easily for a startup I worked at a few years ago that used a Digicert EV signing cert.

First, we ran Windows under Parallels on a Mac Mini (we needed the build machine to handle Mac builds as well). I think I set the Windows VM to never lock the screen or sign you out, but the physical Mac would lock its own screen as usual. You could set things up the same way with a VMware VM running on a Windows host.

Then the only problem to solve was how to type in the signing password every time the certificate utility popped up its password dialog.

Like so many things on Windows, it was AutoHotkey to the rescue! I wrote a little 5-10 line AutoHotkey script to watch for the password dialog opening, type in the password and hit Enter.

Bingo, we had fully automated EV code signing for our Windows builds.

You mentioned that logging out or letting the screen go to sleep would lock the cert. I don't quite remember it that way, but I could be remembering wrong. It seemed that the certificate utility simply wanted a password typed into its dialog for every code signing.

So it may be that this AutoHotkey setup would also work with the cert utility running on a physical Windows machine with normal screen locking. In any case, it definitely worked great in a VM.

Of course this meant that we had to store the signing password in plain text inside the VM, but that was a lesser evil than requiring someone to babysit the machine whenever we pushed a build.


Not sure how it managed to take you so long, but I do agree it's a PITA, and pure theatre.

I did need to get into D&B, and it was a bit of a faff - their website is a maze, and it took around a week after filling the form to get listed. Didn't need much time on it though.

One of the other requirements I had to fulfil was having a telephone number published in a sanctioned list of websites for a callback - so I registered a Skype number, published the number, did the callback, and terminated the number. Not sure what that was meant to prove...


There might be some risk to your business if a malicious person can get that number assigned to their phone since you're no longer using it.


Not sure I see how, but it was only listed for 24 hours in any case.
