Code Signing Certificates

Limited-Time Offer
Lock in up-to 40% Savings on 3-year Code Signing certificates and receive a FREE token for 3-year orders placed this month.

The new CA/B Forum rules require all Code Signing Certificates be provisioned and shipped on hardware-based tokens. To save on annual token and shipping costs, we recommend purchasing 3-year certificates to pay only one token and one shipping charge saving 40% versus renewing annually. This month, we are also including a FREE token for all 3-year OV & EV Code Signing Certificates—a $50 value!

4.8
Star rating on

Trustpilot
40%
Savings off list price with

Free Token with 3-year purchase deal
3
Years of worry-free

code signing
Free
FIPS-Compliant token with the purchase of a 3-year OV or EV certificate. Save $50!

Item 1 of 4

Code Signing Certificate

FIPS-Compliant Device Delivery

Starting from

Free token with 3-year certificate
Meet CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increase user confidence by showing the identity of the signing party before applications are run
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

EV Code Signing Certificate

Highest level of Security

Starting from

Extended validation (EV) offers highest level of security
Free USB token with 3-year certificate
Meet CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows 8.0 and later, Internet Explorer 9 and later, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increase user confidence by showing the identity of the signing party before applications are run
Protects private key from theft via hardware token and PIN
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

4.2

3,629 reviews on Trustpilot

As of February 2025

What changed?

Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts, and programs, to confirm the software has not been tampered with by outside sources. This is especially important for publishers distributing through third-party download sites, where they have limited control. Major operating systems like Microsoft Windows display errors or warning messages if software does not have an encrypted digital signature verified by a trusted Certificate Authority (CA).

Starting June 1, 2023, the CA/B Forum changed the OV Code Signing regulations to require all Certificate Authorities (CAs) to ensure that the subscriber’s private key is generated, stored, and used in suitable FIPS-compliant hardware.

Why the Change?

Requirements for private keys used with EV code signing certificates have been stronger than OV code signing certificates which are more relaxed.

The new rules are intended to reduce the potential misuse of code signing certificates and to further protect those certificates from getting into the wrong hands by making key protection requirements for OV code signing certificates the same as EV code signing certificates.

Important Dates for Code Signing Timeline

As of June 1, 2023, you will no longer be able to issue your standard OV code signing certificates. All code signing certificates issued after June 1, 2023 will be:

Installed on a token and shipped securely to the requester

Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. USB tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Customer dashboard view showing all Sectigo products in use

Intuitive Dashboard

In our customer dashboard, you'll be able to view all products you have with Sectigo, view their lifecycle status, issue or reissue, and renew expiring certificates, saving you time and fear that an expired certificate may down your site at an unexpected time.

Trusted by Leading Brands Globally

Securing some of the world’s largest and best-known brands.

Item 1 of 13

How they work

Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts, and libraries, to confirm that the software has not been tampered with by any outside source. The code signing process works by using public key cryptography and code hash functioning to digitally sign data, verify identity, and confirm the software code’s integrity is valid. The end user will receive an error or warning if the code does not have a valid digital signature.

Diagram showing how the code signing certificate process works

FAQs

Have another question?

Reach us by chat in the lower-right corner.

What is a Code Signing Certificate?

A code signing certificate allows software developers to add digital signatures to code and to include information about themselves and the integrity of their code within their software. The end users that download digitally signed 32-bit or 64-bit executable files (.exe, .ocx, .dll, .cab, and more) can be confident that the code really comes from a verified developer and there was no tampering by a third party since it was signed.

What is EV Code Signing?

Extended validation code signing certificates work the same way as organization validation (OV) code signing certificates but they require a more comprehensive vetting process before a certificate is issued.

What is a Code Signing Service?

A code signing service is an online cloud-based solution which provides signatures for code binaries. The developer’s certificate is maintained securely in the cloud. The developer or signee does not have to send the entire file to be signed, a hash code will suffice. The service provides security, convenience, and scalability.

How Do I Get a Certificate for Code Signing?

There are certain requirements that need to be fulfilled to validate one’s code signing certificate. The three main things that must be verified before issuance of a code signing certificate are:

1. The legal existence of the organization or individual named in the Organization field of the certificate must be verified.

2. The email to which the code signing certificate is to be sent must be [email protected], where domain.com is owned by the organization named in the certificate.

3. A callback must be made to a verified telephone number for the organization or individual named in the certificate in order to verify that the person placing the order is an authorized representative of the organization.

As of June 1, 2023 Code Signing certificates will be:

Installed on a Sectigo token and shipped securely to the customer.
Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Product Refunds

Code Signing certificates are installed on a physical token and shipped to your location. We can only provide full refunds for products that have not been shipped. Once a product has shipped and within 30-days from order, we will refund the product cost, less shipping and token cost.

How Much Does a Code Signing Certificate Cost?

A Sectigo® code signing certificate starts at $340.33 per year when customers choose the three-year option. The cost goes up for shorter time periods and for EV code signing certificates.

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States

France

Italy

Spain

Germany

International

Resources

Related Resources

Sectigo Blog

How long can digital certificates be valid? Go to How long can digital certificates be valid?

January 14, 2022

Learn about how the validity periods for digital certificates are determined and the benefits of digital certificates.

Learn More

Sectigo Blog

What Is Code Signing? Go to What Is Code Signing?

September 9, 2021

Code signing is used to authenticate the originator and authenticity of a file. The identity is inserted directly into a program via code or with an executable file (.exe) by creating a digital signature through hashing a private key. The…

Learn More

Sectigo Blog

Code Signing Best Practices Go to Code Signing Best Practices

September 9, 2021

Code signing and the use of digital certificates underpin the concept of trust in the modern technological landscape.

Learn More