In 2022, 33% of newly discovered vulnerabilities were flagged as critical or high. Explore OWASP’s secure coding practice checklist and learn how to leverage its power to boost your threat protection and reduce attack risks. Digitalization is both a blessing and a curse for organizations.…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
This step-by-step guide will walk you through how to install a .pfx certificate on Windows 10 Certificate Manager (i.e., how to import a .pfx certificate file). This process works for importing code signing certificates as well…
This brief guide introduces you to Windows 10 Certificate Manager. This tool allows you to view and manage installed digital certificates on Windows devices as well as view CRLs and CTLs. When you install…
Scan before you click! Discover the best free safe download checkers you need to try right now. We’ll cover what tools you can use to protect your devices from security threats when downloading files, software, and…
Discover how a small change in word order can make a difference to your organization’s security strategy in software development by enabling you to deliver secure, high-quality software faster. With the number of security attacks skyrocketing and software…
Learn how integrating secure DevOps into your business strategy can improve your software, protect your organization, and put security at the heart of software development without having to choose between security, speed, and innovation. 2021 was…
Windows code signing made simple: learn in 5 easy steps how to eliminate unknown publisher warnings, build customer trust, and guarantee your code’s integrity by signing your executables using Microsoft Signtool! Technology has never evolved so…
Deep Instinct’s 2020 Cyber Threat Landscape Report shows that malware increased 358% overall in 2020. Thankfully, there’s a certificate you can use to sign apps that helps users determine whether your application is legitimate. Discover which certificate can…
Data from a Symantec report shows that 99% of the discovered mobile malware is found in third-party app stores. Learning how to recognize safe download websites and following a few best practices can protect you and…
Discover what code signing is, how it works, why it’s important for businesses and users alike, and why you should use it as a software developer or publisher to protect your brand. Trust, authenticity, and integrity are…
Learn how, when, why, and which PKI digital certificate can help keep your data, customers, and overall business secure in the online world. Digitalization has transformed our world and lives dramatically. In the last few years,…
Hashing algorithms are used all over the internet. Learn what hashing algorithms are, explore their applications, and how to identify what the best hashing algorithm is for your specific needs. When talking about hashing algorithms, usually…
Downloading a single computer virus can spell disaster for your business and result in the theft of customers’ sensitive data. We’ll break down everything you need to know to safely download software, apps, and files from…
Is it possible to tell whether a download is safe? In some cases, yes, it is possible. Here’s how to check if a download is safe. When you download something from the web, there are chances…
Hashing functions play a vital role in digital security — hashing functions do everything from providing tamper resistance for email communications to securing your software supply chain. Just look back at your day so far and…
While it’s possible to generate and use a self-signed code signing certificate, this is a practice you should avoid for uses outside your organization’s internal testing environment. Technically speaking, it’s possible to use self…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve updated your DigiCert CertCentral account to allow another Code Signing Certificate request. Log in to your account here.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option | Shipping Details
USB Token + Shipping (US) | Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US) | Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US) | Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option | Shipping Details
USB Token + Shipping (US) | Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US) | Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US) | Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.