Don’t let software signing mistakes ruin your next application project. Discover how to fix nine of the most common errors faced by software developers and publishers to avoid shipping vulnerable products We all make mistakes — we’re human, after all. However, sometimes oversights can have…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
136 hours. This isn’t only the time required to fly from New York to Beijing 7 times; it’s also the average amount of downtime caused by a ransomware attack in 2023. Don’t let attackers hack your…
66% of organizations interviewed by ArmorCode in 2023 confessed to prioritizing fast release times over security. Go against the tide and take the time to sign your software. Explore how to secure your ClickOnce Windows desktop…
87% of IT leaders interviewed by Zendesk have cybersecurity and data privacy at the top of their 2024 strategy. Explore how a ClickOnce signing certificate can elevate the security of your Visual Studio apps and reach…
Fed up running around like a headless chicken, looking for a guide explaining how Electron code signing for Windows apps works? Check out our tips! Learn how to code sign your Electron app now using a…
DigiCert predicts that in 2024, digital trust will be at the foundation of organizations’ hardware and software security strategy. Prove the authenticity and integrity of your Java software with JarSigner. Discover how to install it in…
“This app can’t run on your PC.” This is one of the worst error messages users could get when attempting to run your new app. Explore how Windows 10 WHQL can help you avoid this issue,…
Signed vs unsigned drivers: the ultimate showdown of secure hardware. Discover their advantages and disadvantages, and which has the numbers to win the jackpot. Drivers are the muscles of devices and applications. They’re essential pieces of…
An average of 46% of buyers interviewed by Forter in 2023 are willing to spend more with vendors they trust. Boost customers’ trust by showing your users that your drivers are authentic (i.e., published by you)…
The Windows Authenticode signature validates your authenticity as a software publisher and guarantees your code’s integrity to users (which helps protect them against malware infections). Discover how to verify and create an Authenticode signature in a…
Did you create a new MSI package? Since June 2023, the process of digitally signing MSI installers, files, and packages with a certificate has changed. Discover how it works now by following our step-by-step guide Microsoft…
One in five businesses interviewed by Hornetsecurity were victims of a ransomware attack in 2023. Keep the lid of the malware jar sealed with JAR signing. Learn why you need it and uncover its top benefits…
Is your organization building new full-stack Java applications like 70% of the enterprises interviewed by Vaadin? Then you can’t do without a Java digital signature, a must-have for any software publisher. Discover in less than 5…
SonicWall’s 2023 report reveals that nearly one in three detected malicious files were executables. Prove to your clients that your .exe files are authentic and malware-free. Here’s our no-fluff, step-by-step guide on how to sign an…
Explore our complete guide to Windows driver signature enforcement. This built-in Windows feature increases the security of your operating system by detecting and blocking the installation of unsigned (and potentially dangerous) drivers. Have you ever wondered…
Your driver installation is halted, and a pop-up message informs you that a digitally signed driver is required to continue. What do you do? We’ll cover three options that’ll fix the problem and help you securely…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.