USD

Existing customer? Log In

Limited-Time Offer

Code Signing Certificates

Lock in 25% Savings on 4 Years of

Hassle-Free Code Signing

Purchase a Code Signing Certificate by April 24th with a validity period of up to three years and avoid the heavy-lift of upcoming CA/B Forum. During these 3 years, you will not be required to switch to a hardware-based token. Between now and April 24, 2023, you can purchase Sectigo OV Code Signing certificates, avoid the cost of the token and shipping, lock-in the use of software-based certificates for the next 3 years, and we're adding a fourth-year free.

Years of worry-free

code signing

4th Year Free!*

Code Signing Certificate

Software-Based Code Signing Certificate

$379

Up to 47% off with multi-year

*Purchase 3 year OV Code Signing Certificate and 4th year is free.
For a software-based certificate you must order before the April 24th deadline
Meets CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows 8.0 and later, Internet Explorer 9 and later, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increases user confidence by showing the identity of the signing party before applications are run
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

EV Code Signing Certificate

Highest level of Security

$498

Up to 29% off with multi-year

Highest level of security
Physical USB token
Meets CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows 8.0 and later, Internet Explorer 9 and later, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increases user confidence by showing the identity of the signing party before applications are run
Protects private key from theft via hardware token and PIN
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

What is Changing?

As of June 1, 2023, all Code Signing Certificates must comply with the new CA/B Forum regulations to ensure that the subscriber’s private key is generated, stored, and used in a suitable FIPS-compliant hardware.

We recognize this requires customers to commit to a heavy lift. Between now and April 24, 2023, you can purchase Sectigo OV Code Signing certificates and lock-in the use of software-based Code Signing certificates for the next three years and will not be required to switch to a hardware-based token during that time. At the end of your 3-year certificate, Sectigo will ship a free FIPS-compliant token with an extra 12 months of OV Code Signing Certificate validity to you.

Requirements for private keys used with EV code signing certificates have been stronger than OV code signing certificates which are more relaxed.

The new rules are intended to reduce potential misuse of code signing certificates and to further protect those certificates from getting into the wrong hands by making key protection requirements for OV code signing certificates to be the same as EV code signing certificates.

No hassle and last-minute compliance requirements: A 3-year Code Signing certificate just the way you know it: a software-based certificate, which doesn’t require FIPS-complaint hardware and delays the requirement for 3 years.
12 months free: After your 3-year contract has come to an end, we will ship you a free FIPS-compliant token with your 12 months extra validity – bringing the total to four years and ensuring compliance with CA/B Forum changes in the future.
Avoid the cost of the token and shipping

April 24, 2023 is the last day you will be able to purchase an OV Code Signing Certificate without the requirement of hardware based issuance.

Starting May 1, 2023, you will no longer be able to issue your standard OV Code Signing certificates. If you have not already issued a purchased certificate, you need to take action immediately. After May 1st we are unable to issue software-based Code Signing.

If you are not ready to make the transition to the new requirements, we suggest you take advantage of the full 3-year term currently offered. If you have purchased a code signing certificate for less than this period, reach out to one of our experts and inquire about extending your coverage.

After June 1, 2023 Sectigo OV code signing certificates will be either:

Installed on a Sectigo token and shipped securely to the customer
Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Trusted by Leading Brands Globally

Securing some of the world’s largest and best-known brands.

FAQs

Have another question?

Reach us by chat in the lower-right corner.

A code signing certificate allows software developers to add digital signatures to code and to include information about themselves and the integrity of their code within their software. The end users that download digitally signed 32-bit or 64-bit executable files (.exe, .ocx, .dll, .cab, and more) can be confident that the code really comes from a verified developer and there was no tampering by a third party since it was signed.

EV code signing works the same way as standard code signing but it requires a more comprehensive vetting process before being issued, and it provides extra security by storing the private key in an external hardware token.

A code signing service is an online cloud-based solution which provides signatures for code binaries. The developer’s certificate is maintained securely in the cloud. The developer or signee does not have to send the entire file to be signed, a hash code will suffice. The service provides security, convenience, and scalability.

There are certain requirements that need to be fulfilled to validate one’s code signing certificate. The three main things that must be verified before issuance of a code signing certificate are:

1. The legal existence of the organization or individual named in the Organization field of the certificate must be verified.

2. The email to which the code signing certificate is to be sent must be [email protected], where domain.com is owned by the organization named in the certificate.

3. A callback must be made to a verified telephone number for the organization or individual named in the certificate in order to verify that the person placing the order is an authorized representative of the organization.

After May 1, 2023 Code Signing certificates will be:

Installed on a Sectigo token and shipped securely to the customer
Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Still Have Questions?

Our technical support team is ready to assist you in selecting the right certificate for you. Our experts are helping customers 24/7/365.
Simply chat with us now or reach us at [email protected] or by phone:

United States

+1 888 266 6361

International

+1 914 732 8446