Customer Support

Home / Customer Support / Code Signing Support

Code Signing Support

You’ve purchased a code signing certificate — now what? Follow these four easy code signing support steps to begin signing your software. Have more questions? Check out our Frequently Asked Questions (FAQ) for Code Signing page.

NOTE: Starting in 2023, all code signing certificates and private keys must be installed and stored on hardware security tokens or hardware security modules (HSMs). According to the CA/Browser Forum’s (CA/B Forum) Code Signing Baseline Requirements, these devices must be certified to meet or exceed FIPS 140-2 Level 2 or Common Criteria EAL 4+.

The information on this page walks you through the most common method for getting a code signing certificate — the certificate authority ships a secure USB token to you. This token will either:

• contain the preinstalled certificate and key (for Sectigo OV and EV certificates), or
• be blank (for DigiCert OV and EV certificates) and you must generate the certificate and key on the device using the instructions that will be mailed with it.

If you need to use an alternate workflow, such as using a hardware security token you already own or a cloud-based hardware security module (HSM), check out Step 3 for additional information or contact our Support team so we can help.

STEP 1. Complete the Certificate Enrollment Form

Go to your order detail page in My Account and follow the steps to start the certificate issuance process. You must select your certificate provisioning method when purchasing your certificate. With the standard provisioning process, you don’t need to generate a certificate signing request (CSR) because the Certificate Authority (CA) handles that step for you.

NOTE: If you’re using a hardware security token you already own or a cloud-based hardware security module (HSM), jump to Step 3 for additional information or contact our Support team so we can help.

• What to Know When Purchasing Your Next Code Signing Certificate
• What Are the 3 Code Signing Certificate Delivery Methods?

STEP 2. Validate Your Certificate

Code signing certificates require a strict validation process in order to be trusted by operating systems and other platforms (such as Microsoft Windows). Select the appropriate validation guide below (based on your purchase) to learn how to validate your certificate:

• Comodo OV Validation Guide
• DigiCert OV Validation Guide
• Sectigo OV Validation Guide
• Comodo EV Validation Guide
• DigiCert EV Validation Guide
• Sectigo EV Validation Guide

STEP 3. Get Your Code Signing Certificate and Key

The method you’ll use to receive your code signing certificate and private key will depend on the delivery method you selected when purchasing your certificate.

With the default provisioning method, you’ll receive your OV or EV certificate and key, shipped to you on a secure hardware token. To use it for code signing, you’ll first need to install the hardware token’s client software on your computer and connect with it to activate the token. You will receive setup instructions with your device in the mail.

Check out the following resources for additional information about these secure tokens and other provisioning methods:

• How to Set Up Your New Code Signing Hardware Token (A Step-by-Step Guide)
• How to Get a Code Signing Certificate Without a Hardware Token
• How to Set Up and Use GoGetSSL Cloud Signing
• Azure Key Vault Set Up and Code Signing Tutorial (with FAQs)
• Sectigo + Google Cloud KMS Code Signing

STEP 4. Sign Your Code

Signing code using an OV or EV certificate requires you to use the hardware token and associated credentials. This will be a unique password set up during Step 3. You’ll then be able to use your preferred tool (such as SignTool) to sign your executable files:

• How to Sign an EXE or Application in 5 Steps
• What Is Microsoft Signtool & How Can I Use It to Sign Executables?
• How to Sign an EXE or DLL in Visual Studio 2022 Using SignTool
• 9 Common Software Signing Mistakes to Avoid in Your Next Project
• How to Digitally Sign a Macro for Excel Using a Code Signing Certificate
• The Ultimate Java Jarsigner Guide: How Does It Work and How Can I Use It
• The Ultimate Guide to Microsoft SignTool