We’ll quickly explore three ways you can get a code signing certificate to secure your software and supply chain right away Since 2023, code signing certificates must be installed on secure hardware. For all code signing certificates, this means you can choose from one of…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
The HTML <keygen> element is one of the features, which is used for generating the key material and the submission of the public key, as a part of an HTML form. It’s a mechanism which is designed to…
The HTML <keygen> element is one of the features, which is used for generating the key material and the submission of the public key, as a part of an HTML form. It’s a mechanism which is designed to…
Distinction- iOS Code Signing Identity & Provisioning Profiles Being an iOS developer, you might be getting annoyed with Code Signing Identity and Provisioning Profiles. And, might even be questioning, what is Code Signing Identity? What’s the need for creating…
Before moving any further, verify that your certificate is installed in the Windows CSP. For that, right-click on your PFX file and select Install or import through Internet Explorer by clicking on: Steps to sign VBA…
First, you need an AIR SDK installed for signing an AIR application. To make it convenient, make sure you’re on the environment variable PATH of the Adobe AIR SDK, i.e., /bin/ directory Open a command prompt…
If you’re an Individual software developer or a publisher who develops software and applications, then the requirement for code signing is a little different, as Individual Validated Code Signing Certificates are required. And those keep getting harder to find. Here,…
A Code Signing Certificate is a type of digital certificate that is used across all the major platforms to provide security, authentication, and guaranteed identity for executables, software, code, and scripts. In other words, a Code Signing certificate is…
OV Code Signing Vs. EV Code Signing: What’s the Difference? Whether it’s an OV Code Signing Certificate or EV Code Signing Certificate, both offer the same thing – signing software, scripts, drivers or any other executable…
Like applications, software, codes and scripts, Kernel-Mode Drivers can also be signed using EV Code Signing Certificates. The benefit of signing Kernel-Mode Drivers is that it helps users verify that this digitally signed kernel-mode driver packages…
If you’re an organization developing or publishing software or drivers using the Windows Hardware Developer Center dashboard, Extended Validated (EV) Code Signing Certificate will be the perfect choice for you. (Having an EV code signing certificate associated with…
If you’re an organization that develops software and applications, you may already know how important it is to sign your software, applications or code with a Code Signing Certificate. So, which documents required for code signing?…
Deliver Your Code More Confidently to Customers of Leading Microsoft Platforms CodeSigningStore.com is one of the leading global providers of Code Signing Certificates from the industry’s best Certificate Authorities, like DigiCert, Comodo/Sectigo, and Thawte. If you’re…
If you’re the organization or web developer who develops Adobe Air based applications, it’s important to sign your applications before publishing to avoid warning messages such as Unknown Publisher.For Example: Unsigned Application Unsigned For signing applications, Adobe…
Discover steps sign your Adobe Air applications using the Flex SDK. Before starting, get the Flex SDK & ADT application adt -package -storetype pkcs12 -keystore -storepass password ExampleApp.air ExampleApp-app.xml ExampleApp.swf Note: Now, go to the directory Flex…
Code Signing with Microsoft Authenticode Authenticode, one of the most popular Microsoft technologies, is used in code-signing to identify who’s the publisher or developer of a given piece of software. It helps in signing several types…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Google Cloud KMS (Cloud HSM)
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Google Cloud KMS (Cloud HSM)
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.