Skip to content
EmailEmail Us Mobile+1 (727) 291-0611 ChatChat Now Login
30 Days Guarntee Price Match Guarntee
CodeSigningStore Logo
My Account
  • Shop Certificates
    • OV Code Signing
      • DigiCert Code Signing
      • Sectigo Code Signing
      • Comodo Code Signing
      • GoGetSSL Code Signing
      • GoGetSSL Cloud Signing
    • EV Code Signing
      • Digicert EV Code Signing
      • Sectigo EV Code Signing
      • Comodo EV Code Signing
      • GoGetSSL EV Code Signing
      • GoGetSSL EV Cloud Signing
  • Cloud Signing
    • Cloud Code Signing by GoGetSSL
    • EV Cloud Code Signing by GoGetSSL
    • DigiCert Software Trust Manager
  • Support
  • Blog
cart
Moneyback Price Match Guarntee

Code Signing Best Practices Guide

Poor code signing practices lead to issues for software publishers and users alike. Implement industry signing best practices right away to prevent these concerns from affecting your products and customers.

Sign up for our free Code Signing Best Practices Guide to discover everything you need to know to start signing your code.

Complete the form below to download your free Code Signing Best Practices PDF today!

10 Code Signing Best Practices
CDS Logo

Contact

+1 (727) 291-0611

146 2nd St. N. #201C
St. Petersburg, FL 33701
United States

  • Facebook
  • Twitter

Code Signing Certificates

  • OV Code Signing Certificates
  • EV Code Signing Certificates
  • Cloud Signing Certificates

24/7 Customer Support

  • FAQs
  • + 1 (727) 291-0611
  • [email protected]

Microsoft Code Signing

  • Windows Code Signing
  • Authenticode Code Signing
  • Compare C# and .NET Code Signing

Driver Code signing

  • Windows Driver Code Signing
  • Kernel Mode Code Signing
  • PowerShell Code Signing

Visual Studio Code Signing

  • ClickOnce Signing
  • Visual Studio Code Signing

Other Code Signing

  • Java Code Signing
  • Electron Code Signing
  • Cheap Code Signing
  • Azure Key Vault Code Signing
Price Match and Moneyback
Payment we Accept
24/7 Support

24/7 Customer Support

Phone IconPhone Email IconEmail
Trusted Site Seal

© 2025 The SSL Store™. A subsidiary of DigiCert, Inc. All rights reserved. Cookie Consent

  • Privacy Policy
  • Refund Policy
  • Disclaimer
  • Sitemap

Cloud Signing Account Access

New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.

Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.

suspension note

In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.

More information about U.S. export control and economic sanctions laws and regulations can be found at websites maintained by the U.S. Department of Commerce's Bureau of Industry and Security and the U.S. Treasury Department's Office of Foreign Assets Control.

Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.

Code Signing Certificate Delivery Options

Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.

We offer several options to deliver your code signing certificate in compliance with these new requirements:

Easiest Option: Token + Shipping

This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.

You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)

Use an Existing Token

If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.

Advanced Option: Install on a Hardware Security Module (HSM)

If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.

Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).

Code Signing Certificate Delivery Options

Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.

We offer several options to deliver your code signing certificate in compliance with these new requirements:

Easiest Option: Get your certificate shipped from Sectigo on a USB token

This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):

Delivery Option Shipping Details
USB Token + Shipping (US) Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US) Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US) Choose this option if your shipping address is not in the United States.

You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)

Advanced Option: Install on your own HSM or hardware token

If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:

  • Luna Network Attached HSM V7.x
  • YubiKey 5 FIPS Series
  • Google Cloud KMS (Cloud HSM)

Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.

Code Signing Certificate Delivery Options

Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.

We offer several options to deliver your code signing certificate in compliance with these new requirements:

Easiest Option: Get your certificate shipped from Comodo CA on a USB token

This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):

Delivery Option Shipping Details
USB Token + Shipping (US) Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US) Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US) Choose this option if your shipping address is not in the United States.

You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)

Advanced Option: Install on your own HSM or hardware token

If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:

  • Luna Network Attached HSM V7.x
  • YubiKey 5 FIPS Series
  • Google Cloud KMS (Cloud HSM)

Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.

loading
Setting up account, this may take a few minutes

Do not close or refresh this page.

Certificate Generation Info

Organization information

(company name as it appears on legal business registration documents)

Account Administrator Information