Don’t let software signing mistakes ruin your next application project. Discover how to fix nine of the most common errors faced by software developers and publishers to avoid shipping vulnerable products We all make mistakes — we’re human, after all. However, sometimes oversights can have…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
Find Out the Differences Between a Code Signing Certificate vs. an Email Signing or Document Signing Certificate As a software developer, you certainly know how important code signing certificates are. But, many times, especially those who…
Here’s How to Select the Right Code Signing Certificate Provider If you’re a Software Developer or a Publisher, then you might already know how important it is to sign your software, codes, and executable files using a code signing…
Code Signing Requires Four Different Components for the Code Signing Architecture As a software developer, you know the role of a code signing certificate, how important it is, and how helpful it is to provide trust to the…
Code Signing Certificate – Step-By-Step Renewal Guide Are you a software developer who has purchased a code signing certificate for signing a software? Has the code signing certificate that you purchased expired? If yes, that’s nothing to worry about. No matter…
Follow Code Signing Best Practices & Overcome Security Challenges Faced by Software Developers & Publishers We live in an era where software surrounds everyone. Whether you’re at home, your workplace, in the car, or virtually anywhere…
Being a software developer or publisher, you might have an idea of how technology is evolving to require identification before trusting your code and allowing it to be installed on an operating system. Due to such strong requirements, you’ll…
image/svg+xml Starting June 1, 2021, GoDaddy will no longer issue or renew Code Signing or Driver Signing Certificates. Switch to COMODOCode Signing at $211.46/Yr GoDaddy Are you a software developer or a publisher who’s looking for…
Sign Your Windows Scripts and Executables Using a Microsoft Authenticode Code Signing Certificate A Code Signing Certificate used for Microsoft Authenticode also called as Microsoft Authenticode Certificate, helps you digitally hash and sign your scripts and Windows…
Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer” While Signing Adobe Air Application Using a Third-Party CA Code Signing Certificate This error is usually shown when an Intermediate CA Certificate is…
Avoid Making Common Security Mistakes That Make Your Software Vulnerable to Attack As a developer, you’re certainly aware of the importance of following security best practices. But many times, we miss certain things, maybe because it…
An extended validation code signing certificate is a Windows Hardware Developer Center requirement and helps build trust in your software over time In early 2024, Microsoft changed how its Microsoft SmartScreen security feature interacts with extended…
Boosting Software/Application Adoption Is a Challenging Task – Here Are 6 Tips That Can Help You’ve built your software/application. Designing and icons, everything looks good, and it’s working fine on all devices. Even the niche is unexplored…
EV Code Signing Certificate Comparison: Comodo vs Sectigo Signing your executable file, software, code with an EV Code Signing Certificate is one of the best decisions you can make as a software publisher or developer. As EV Code…
Code Signing Certificate Comparison: Get the Best One for Your Software/Application Code Signing Certificate is an essential component of securing Software/Application via digital signing technology. It helps to assure users that the digitally signed software code,…
Consumer survey finds that a large majority of users avoid installing unsigned software For any software developer or publisher, one of the worst nightmares is that their software doesn’t even get a chance to run, not…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.