A code signing certificate CSR (sometimes referred to as a code signing CSR or code signing request) is what you need to submit to get a publicly trusted code signing certificate for signing your code, scripts, or other executables. You can create a code signing CSR:
To simplify the code signing CSR process, this article will walk through how to complete a code signing request using DigiCert’s Certificate Utility tool.
You’ll need to purchase a code signing certificate. Check out these two other pages to learn more about DigiCert’s standard and extended validation code signing certificates. Note: EV code signing certificates don’t require a CSR.
It may surprise you to know that the DigiCert Certificate Utility tool isn’t meant only for generating or handling SSL/TLS certificates. This CSR generation utility can also generate code signing requests (CSRs). To use it, you’ll need to download and install DigiCert’s Certificate Utility tool. Once you’ve done that, open the program on your device.
In the left-hand navigation pane, select Code Signing. Next, press the blue Create CSR option near the top-right portion of your screen:
Pressing the Create CSR option will launch a new screen that features some information fields that you’ll need to complete.
The Code Signing radio button should automatically be selected. If not, be sure to switch that from SSL to Code Signing now.
Next, you’ll need to complete the required information fields:
Once finished, click the Generate button to create your CSR block. This will close out the dialog window and open a new screen that says, “The certificate request has been successfully created.”
In the next window, you’ll see a message that starts with “-----BEGIN NEW CERTIFICATE REQUEST-----.” This is the unique code signing CSR data block that you’ll need to send to your issuing CA by adding it to your code signing certificate order form.
To copy the code signing CSR, press Copy CSR. Be sure to also save a copy of your CSR as a text file. You can do this by pressing Save to File.
Now, you’ll need to add this data to your certificate order. If you purchased your certificate through CodeSigningStore.com, you can do this by:
That’s it! You’ve now completed the code signing certificate CSR generation process. The next step involves waiting for DigiCert to perform the validation of your organization on their end and receiving the certificate via email.
No worries here. The DigiCert Utility tool can also be used to generate code signing CSRs for other brands’ certificates (think Sectigo, Comodo, etc.). It’s not a brand-specific user interface. Alternatively, you can use OpenSSL (via the Windows command line console) to generate the CSR manually. We’ve put together a resource that will walk you through how to use OpenSSL to generate a code signing CSR.
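Before a CSR goes into the order form, it is worth confirming that the request parses, that its self-signature verifies, and that the private key you kept actually matches it. The script below is an added example, not from DigiCert or the original article; the function names, file paths, subject string and the `MIN_BITS` default are assumptions to adjust to your CA's requirements.

```shell
#!/bin/sh
# Added example. Paths, subject and MIN_BITS are assumptions, not values from the article.
MIN_BITS="${MIN_BITS:-3072}"   # assumption: set to the minimum RSA size your CA accepts

# gen_csr KEY CSR SUBJECT [BITS]: create an RSA key and a CSR signed with it.
# -nodes leaves the key unencrypted so this runs unattended; drop it to be
# prompted for a passphrase when generating a real signing key.
gen_csr() {
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey "rsa:${4:-$MIN_BITS}" -nodes -sha256 \
          -keyout "$1" -out "$2" -subj "$3" >/dev/null 2>&1 )
}

# csr_bits CSR: print the public key size in bits.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# check_csr CSR: succeed only if the request parses, its self-signature
# verifies, and the key is at least MIN_BITS. The result text is matched
# because some OpenSSL releases exit 0 even when verification fails.
check_csr() {
    out=$(openssl req -in "$1" -noout -verify 2>&1) || return 1
    case "$out" in *"verify OK"*) ;; *) return 1 ;; esac
    bits=$(csr_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}

# key_matches_csr KEY CSR: succeed if the private key belongs to the request.
key_matches_csr() {
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    b=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: sh check_csr.sh request.csr [private.key]
if [ "$#" -ge 1 ]; then
    check_csr "$1" || { echo "CSR rejected: $1" >&2; exit 1; }
    if [ "$#" -ge 2 ]; then
        key_matches_csr "$2" "$1" || { echo "key does not match CSR" >&2; exit 1; }
    fi
    echo "CSR OK: $(csr_bits "$1")-bit key"
fi
```

OpenSSL reads both the `BEGIN CERTIFICATE REQUEST` and the `BEGIN NEW CERTIFICATE REQUEST` header, so a file saved from the utility can be checked as is.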