WHAT IS CODE SIGNING?

Code signing increases user confidence and trust

Code Signing Certificates are used by software developers to digitally sign applications, drivers, executables and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party. They include your signature, your company’s name and, if desired, a timestamp.

BENEFITS OF DIGICERT CODE SIGNING CERTIFICATES

Protect your intellectual property

Code signing certificates allow customers to verify that your code is authentic and has not been tampered with—protecting both parties against fraud, malware and theft.

Prevent security warning labels

Your customers expect a smooth and professional installation process when they download your software. Digitally signed programs can avoid warning messages during download and install for better adoption. 

Efficient monitoring and enforcement

When a piece of code is digitally signed, you can easily detect modified files. Additionally, code signed with a timestamp tells a user that the code was signed with a valid certificate even after the actual certificate expires.

Meet platform requirements

The partners, channels and platforms that distribute your software expect you to safeguard their customers' data. Signing software shows your commitment to their safety and is often a contractual requirement.

WHAT IS EV CODE SIGNING?

EV Code Signing increases trust and adoption

Extended Validation (EV) Code Signing Certificates include all the standard benefits of digitally signed code plus a rigorous vetting process and hardware security requirement, so your users can have even greater confidence in the integrity of your applications.

BENEFITS OF DIGICERT EV CODE SIGNING CERTIFICATES

Two-factor authentication:

An encrypted token containing the private key is stored on a USB device that you receive after you purchase your certificate. Only those who have the physical device can sign code with your EV code signing certificate, providing reinforced authentication and enhanced security.

Time-sensitive signing:

Adding an optional timestamp means your signature lives on even after the original EV code signing certificate used to sign it has expired. Without a timestamp, your signature expires when the certificate expires, requiring you to re-sign your code.

Microsoft Defender SmartScreen:

Automatically gain trusted status on Microsoft Defender SmartScreen® Reputation filter, thereby reducing warning messages and increasing brand reputation and end-user trust.

Support for hardware security modules:

DigiCert EV Code Signing Certificates can be installed on HSMs, giving you more control over your certificates and their private keys. Anyone in your organization with authorized access to the HSM can use the stored certificate to sign code.

Universal platform compatibility:

There is no need to reissue your certificate to sign code for a different platform (e.g., Authenticode, Kernel Mode, etc.).

ADD CONTINUOUS SIGNING (CS) TO YOUR CI/CD PIPELINE

DevOps has changed how the world builds and delivers software. Unfortunately, it has led to a common but dangerous practice—key sharing. The exposure that comes with key sharing leaves you open to threats that can disrupt your processes and permanently damage your company.

With DigiCert® Secure Software Manager, continuous signing actually closes your DevOps loop, building security into your CI/CD pipeline, all without disruption or a loss of agility. Add end-to-end encryption to your code, see who signed and when, and manage your chain of custody, all from a single console, crafted for DevOps by DevOps.

WHY DIGICERT?

  • Globally recognized Certificate Authority
  • Access to 24/7/365 award-winning customer support
  • 2020 Frost and Sullivan Global TLS Certificate Company of the Year
  • 99.99% uptime with dedicated local and in-region support

FREQUENTLY ASKED QUESTIONS

  • No, a Code Signing certificate is tied to your Organization Name only. The Common Name you are prompted for is required by our system for the request to be accepted, but we will replace it in our system with the Organization Name you have entered in your CSR so that the correct details will be displayed when the signature on the code is viewed.
  • Code Signing certificates are valid for 1 to 3 years, depending on which life cycle you choose when you purchase the certificate. You should also timestamp your signed code to avoid your code expiring when your certificate expires.
  • XcellHost timestamp services allow you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires, because the system validates the timestamp. If you use the timestamping service when signing code, a hash of your code is sent to the timestamp server to record a timestamp for your code. A user’s software can then distinguish between code signed with an expired certificate, which should not be trusted, and code signed with a certificate that was valid at the time of signing but has subsequently expired. Specify the timestamp server URL you need when you sign your code. DigiCert provides both SHA-1 and SHA-256 RFC 3161 timestamping URLs. The timestamp server validates the date and time that the file was signed, so the certificate can expire but the signature will remain valid for as long as the file is in production. A new certificate is only necessary if you want to sign additional code or re-sign code that has been modified. If you do not use the timestamping option during signing, you must re-sign your code and re-send it to your customers. To verify whether your file has been timestamped, use the verifying commands provided in our knowledge base articles. The date and time are displayed when the file has been timestamped; no dates, or a warning, appear when the file has not been timestamped.
  • No, DigiCert does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are used for and distributed by the organization that owns the certificate.
  • Yes, the Thawte Code Signing Certificates are chained. The Code Signing Certificates are signed by the Thawte Code Signing CA Intermediate Certificate which is chained to the Thawte Primary Root CA certificate.
  • The required files are created by your browser during the enrollment process (except in the case of a JavaSoft Certificate). Once the enrollment has been completed, our verification team verifies the details contained in the certificate request submitted to us. As soon as the details have been verified completely, you are issued a DigiCert Code Signing certificate, which is tied to your Organization.
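
The FAQ above says a timestamped signature stays valid after the signing certificate expires, while an untimestamped one has to be re-signed. As an added example (not DigiCert's or XcellHost's own tooling), this PowerShell function uses the built-in Get-AuthenticodeSignature cmdlet to report signed files and flag those that carry no timestamp; the function name, the file extensions and the folder path are assumptions.

```powershell
# Added example: report Authenticode signatures and whether each one is timestamped.
# Get-SignatureTimestampReport is a hypothetical helper name, not a vendor command.
function Get-SignatureTimestampReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Include = @('*.exe', '*.dll', '*.msi', '*.sys', '*.ps1')
    )

    $now = Get-Date

    Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Unsigned files are out of scope for this report.
        if ($sig.Status -eq 'NotSigned') { return }

        $signer = $sig.SignerCertificate
        $tsa    = $sig.TimeStamperCertificate   # $null when no timestamp was applied

        # Days left before the signing certificate expires (negative = already expired).
        $daysLeft = $null
        if ($signer) { $daysLeft = [int]($signer.NotAfter - $now).TotalDays }

        [pscustomobject]@{
            File             = $_.FullName
            Status           = $sig.Status          # Valid, HashMismatch, NotTrusted, ...
            Signer           = if ($signer) { $signer.Subject } else { $null }
            CertNotAfter     = if ($signer) { $signer.NotAfter } else { $null }
            DaysToCertExpiry = $daysLeft
            Timestamped      = ($null -ne $tsa)
            TimestampSigner  = if ($tsa) { $tsa.Subject } else { $null }
        }
    }
}

# Usage (the .\dist folder is an assumption): list files that will need
# re-signing once the signing certificate expires.
# Get-SignatureTimestampReport -Path .\dist |
#     Where-Object { -not $_.Timestamped } |
#     Sort-Object DaysToCertExpiry |
#     Format-Table File, Status, CertNotAfter, DaysToCertExpiry
```

A Status of HashMismatch in the report means the file was modified after signing, which is the tamper detection described earlier on the page.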
