In 2022, 33% of newly discovered vulnerabilities were flagged as critical or high. Explore OWASP’s secure coding practice checklist and learn how to leverage its power to boost your threat protection and reduce attack risks. Digitalization is both a blessing and a curse for organizations.…
Blogging About Everything Software Security – Threats, Updates, Best Practices, Tips, & More
Software touches the everyday lives of billions of people around the world. They rely on us (the software industry) to deliver dependable, safe applications for them to use. This blog is dedicated to working together to do our part to make the (software) world a better place…one piece of software at a time!
We’ll break down how to sign your EXE files to make them more trustworthy for users. As a software developer, you likely know the lifecycle of developing software and are well acquainted with the challenges that…
Verizon’s 2021 Data Breach Investigation Report data shows that malicious software is involved in more than 70% of system intrusions (including computer hacks). Windows Defender SmartScreen is one of the tools that helps to protect your device…
Many malicious programs come from unknown or unverified publishers. But why is software from an unknown publisher dangerous? And why should you only download software from trusted publishers? When you buy or download software, you likely…
AV-TEST says they register more than 450,000 new malware programs and potentially unwanted applications (PUAs) every day. Digitally signing executable files helps you protect your application’s integrity and establish trust. According to 2020 data from Statista, one…
GoDaddy Has Made the Decision to Stop Issuing & Renewing Code Signing Certificates from June 1, 2021, Onwards. GoDaddy Inc., an American company headquartered in Scottsdale, Arizona, and incorporated in Delaware, is one of the biggest…
Microsoft Authenticode Signature Verification – A Cryptographic Procedure. Microsoft Authenticode Signature is one type of digital signature format used to determine the origin and integrity of software binaries, like code signing certificates. Microsoft Authenticode is based upon Public-key…
Here’s How the Code Signing Ecosystem Helps Windows Determine Which Software to Trust. Have you ever come across an “Unknown Publisher” popup message when you tried installing software? For instance, when you’re installing a piece of software…
List of Software Security Vulnerabilities and Weaknesses. If you want to protect your customers and your brand, it’s important to identify and prevent software security vulnerabilities before shipping software. In order to do so, you first…
Quick Guide to Generate a CSR Through Java KeyStore for a Java Code Signing Certificate. A Java code signing certificate is important to avoid annoying warning messages like “Unknown Publisher” or “Application Blocked by Java Security”…
How to Set Up and Install a Java Code Signing Certificate. In Java, the process of setting up and installing a Java Code Signing Certificate is mostly the same as with an SSL Certificate but with a few…
Here’s a Quick Guide to Generate a CSR for Getting an Adobe Code Signing Certificate Issued. If you’re a web developer or an organization that builds applications using Adobe Air – a cross-platform runtime system used…
Use the DigiCert Certificate Utility Tool to Simplify Your Software Signing Process in Microsoft Windows. Have you purchased the DigiCert code signing certificate? Hopefully, everything has gone fine, and you’ve got the code signing certificate issued. If…
As an iOS developer, you might enjoy the application development process…until the code signing part. As you are probably aware, code signing is a technique assuring the end-user that the software code is unaltered and untampered since it…
It’s important to know that the code you use is authentic and that it has not been modified by anyone else. If you don’t ensure that the code is genuine, you and your organization may end…
Step-by-Step Instructions to Sign Code With a Microsoft Authenticode Signing Certificate. If you’re a software developer, you know how much work it is to develop and publish software. How will you feel if, after all the…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve updated your DigiCert CertCentral account to allow another Code Signing Certificate request. Log in to your account here.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g. SignTool.exe, JarSigner, etc.).
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option / Shipping Details
USB Token + Shipping (US): Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US): Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US): Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g. SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option / Shipping Details
USB Token + Shipping (US): Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US): Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US): Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g. SignTool.exe, JarSigner, etc.).
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.