In 2022, 33% of newly discovered vulnerabilities were flagged as critical or high. Explore OWASP’s secure coding practice checklist and learn how to leverage its power to boost your threat protection and reduce attack risks. Digitalization is both a blessing and a curse for organizations.…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
With more than 71,000 startups in the U.S. alone, positioning your new business in the market can be tough. Discover the “secret sauce” for a killer marketing strategy that’ll help you crush the competition and increase…
SaaS is considered by many organizations the most important technology for the success of their business. Gear up your SaaS marketing activities and discover the top tactics that will help you create a rhapsody of success and change…
SaaS is taking the world by storm — businesses used 38% more SaaS apps in 2021 than 2020. But competition is getting tougher and security has become an issue. Learn how SaaS marketing will get your app to sell itself…
67% of developers knowingly release applications with vulnerabilities. Learn 10 secure coding practices that every developer should know and make secure coding part of your organization’s DNA. Did you know that researchers recorded 50% more cyber attacks per week…
You can’t be too careful when it comes to the security of your applications. Put these 10 best practices to use to keep your business safe. Cybersecurity has become an increasingly hot topic in the business…
$6.9 billion: that is the FBI’s latest estimate of potential losses from cybercrime in 2021. Discover how security as code can help you and your organization prevent breaches, improve security operations, and survive the age of cyber…
Discover one of the most effective ways to check the integrity of signed executables downloaded from the internet. Learn how to check MD5 checksums and protect your device from harmful downloads. Infected executables are one of…
Say no to risky downloads! Learn how to verify the checksum of a downloaded file in 5 easy steps to ensure that the file is malware free and legitimate. Discover how comparing checksums can give you…
Discover the world of cryptographic checksums. Learn about their meaning, the magic behind them, how to use them, and what their key role is in data integrity and cybersecurity. Historically, the only way to install new…
Not sure how to become a verified publisher with Microsoft? No worries — we’ll break down what a Microsoft-verified publisher is and how you can start publishing Windows-trusted desktop applications and drivers in no time. Are…
Add some hash to your data! Explore four flavors of one of the key ingredients of effective cybersecurity in this hash algorithm comparison article. Learn about their distinct properties and characteristics, and how they can make…
Beef up your data protection security with the most secure hashing algorithm. Learn how a one-way function can unlock your ability to truly excel in cybersecurity, protecting your sensitive data with virtually irreversible and unique hashes…
This five-step guide provides a quick overview of how to use OpenSSL to generate a CSR for your digital certificates to secure your website or code. OpenSSL allows you to generate a certificate signing request (CSR)…
42% of cybersecurity professionals interviewed by Cisco consider the growing number of application vulnerabilities one of their top concerns. Discover how to take your software development life cycle to the next level by joining the secure SDLC…
Creating a certificate signing request (CSR) is the first step to get a code signing certificate. Here are step-by-step instructions to quickly generate a CSR with the DigiCert Certificate Utility. A code signing certificate CSR —…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve updated your DigiCert CertCentral account to allow another Code Signing Certificate request. Log in to your account here.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB token.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner).
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible with this option. You can use an HSM you manage directly, or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
| Delivery Option | Shipping Details |
| --- | --- |
| USB Token + Shipping (US) | Ground shipping to addresses within the United States. |
| USB Token + Expedited Shipping (US) | Air express shipping to addresses within the United States. |
| USB Token + International Shipping (non-US) | Choose this option if your shipping address is not in the United States. |

You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
| Delivery Option | Shipping Details |
| --- | --- |
| USB Token + Shipping (US) | Ground shipping to addresses within the United States. |
| USB Token + Expedited Shipping (US) | Air express shipping to addresses within the United States. |
| USB Token + International Shipping (non-US) | Choose this option if your shipping address is not in the United States. |

You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.