Don’t let software signing mistakes ruin your next application project. Discover how to fix nine of the most common errors faced by software developers and publishers to avoid shipping vulnerable products. We all make mistakes — we’re human, after all. However, sometimes oversights can have…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
SolarWinds, Kaseya, Codecov. What do they have in common? They’ve all suffered software supply chain attacks. Explore how to beef up your secure software supply chain with 9 killer strategies. Meet Jai Tan, the mysterious hacker…
This step-by-step instructional guide will walk you through how to issue an HSM-backed cloud code signing certificate in Azure Key Vault and use it to sign an executable using Azure SignTool. In June 2023, industry leaders…
DigiCert 2024 digital trust survey: 74% of businesses had their private keys or digital certificates stolen, compromised, or misused in 2023. Learn how to create and use a Java Keystore to protect your insecure keys and…
60% of firms polled by JRebel plan to hire more Java developers in 2024. To build up your Java code signing expertise, explore five stellar Java Jarsigner examples that’ll help you magnify confidence in the security…
Looking for a secure alternative to traditional token-based code signing certificates that’ll affirm your code’s authenticity & integrity? Explore HSM-backed solutions, which are preferred by 69% of organizations. In June 2023, the CA/B Forum ramped up…
VBA macro-based malware is making a surprising comeback. The Bumblebee malware loader targets U.S. businesses with macro-laced Word files. Learn how to protect your legit Excel docs from being used by cybercriminals. Macros are simple sets…
There’s no such thing as a free lunch, but there are viable alternatives to Let’s Encrypt code signing certificates. Find out how you can assert your publisher’s identity and guarantee the integrity of your code without…
Dreaming of becoming a SignTool Jedi Master? Want to help your customers achieve zero software supply chain incidents, like 33% of organizations surveyed by DigiCert? Nail it by learning everything you ought to know about Microsoft SignTool…
SignTool.exe is Microsoft’s code signing tool that uses code signing certificates to promote trust and validate software integrity and authenticity with a simple script. Learn how to download and install it in less time than it…
56% of cyber incidents investigated by Palo Alto involved malware in some way. Learn what the Azure Key Vault code signing certificate is and how it can help prevent your software from being used for malicious…
Explore and learn the power of Java Jarsigner. Master this code signing tool to reassure your customers that your Java ARchive files are secure, and achieve optimal malware and tampering protection. Expel’s latest report further underscores…
Azure Key Vault code signing will protect your keys, certificates, and apps in one go. Discover how to use it to shield your organization and customers from software-based attacks by signing your app packages in Visual Studio…
Cybercriminals kicked their efforts into high gear in 2023, netting $1.1+ billion in ransomware payments. Don’t let your organization and customers become their next cash cows; master the art of code signing in Visual Studio. It’s…
94% of organizations recognized in 2023 that customers wouldn’t buy from them if they didn’t secure their sensitive data. Want to boost the security of your Java apps with code signing but can’t answer the question…
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB token.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible with this option. You can use an HSM you manage directly, or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option: Shipping Details
USB Token + Shipping (US): Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US): Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US): Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option: Shipping Details
USB Token + Shipping (US): Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US): Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US): Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.