Limited-Time Offer

Code Signing Certificates

Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts, and programs, to confirm that the software has not been tampered with by any outside source. This is especially important for those who distribute through third-party download sites, over which they may have no control.

Major operating systems like Microsoft Windows will show end users an error or warning message if the software they are downloading or installing does not have an encrypted digital signature, verified by a trusted Certificate Authority (CA).

3

Years of worry-free

code signing

Lock in up to 37% Savings on 3-year code signing certificates and receive a FREE token for 3-year orders placed this month.

The new CA/B Forum rules require all code signing certificates to be provisioned and shipped on hardware-based tokens. To save on annual token and shipping costs, we recommend purchasing 3-year certificates to pay only one token and one shipping charge saving 37% versus renewing annually. This month, we are also including a FREE token for all 3-year OV & EV code signing certificates - a $50 value!

Code Signing Certificate

FIPS-Compliant Device Delivery

Price starting from:

$519

Up to 42% off with multi-year

Free token with 3-year certificate
Meet CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increase user confidence by showing the identity of the signing party before applications are run
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

EV Code Signing Certificate

Highest level of Security

Price starting from:

$588

Up to 35% off with multi-year

Extended validation (EV) offers highest level of security
Free USB token with 3-year certificate
Meet CA/Browser Forum authentication standards and Microsoft specifications
Establishes reputation in Windows 8.0 and later, Internet Explorer 9 and later, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
Increase user confidence by showing the identity of the signing party before applications are run
Protects private key from theft via hardware token and PIN
Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
Includes timestamp functionality for continued operation even after the code signing certificate has expired

What changed?

As of June 1, 2023, all code signing certificates must comply with the new CA/B Forum regulations to ensure that the subscriber’s private key is generated, stored, and used in suitable FIPS-compliant hardware.

Requirements for private keys used with EV code signing certificates have been stronger than OV code signing certificates which are more relaxed.

The new rules are intended to reduce potential misuse of code signing certificates and to further protect those certificates from getting into the wrong hands by making key protection requirements for OV code signing certificates to be the same as EV code signing certificates.

As of June 1, 2023, you will no longer be able to issue your standard OV code signing certificates. All code signing certificates issued after June 1, 2023 will be:

Installed on a token and shipped securely to the requester

Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. USB tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Intuitive Dashboard

In our customer dashboard, you'll be able to view all products you have with Sectigo, view their lifecycle status, issue or reissue, and renew expiring certificates, saving you time and fear that an expired certificate may down your site at an unexpected time.

How they work

Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts and libraries, to confirm that the software has not been tampered with by any outside source. The code signing process works by using public key cryptography and code hash functioning to digitally sign data, verify identity, and confirm the software code’s integrity is valid. The end user will receive an error or warning if the code does not have a valid digital signature.

Diagram showing how the code signing certificate process works

Trusted by Leading Brands Globally

Securing some of the world’s largest and best-known brands.

FAQs

Have another question?

Reach us by chat in the lower-right corner.

A code signing certificate allows software developers to add digital signatures to code and to include information about themselves and the integrity of their code within their software. The end users that download digitally signed 32-bit or 64-bit executable files (.exe, .ocx, .dll, .cab, and more) can be confident that the code really comes from a verified developer and there was no tampering by a third party since it was signed.

Extended validation code signing certificates work the same way as organization validation (OV) code signing certificates but they require a more comprehensive vetting process before a certificate is issued.

There are certain requirements that need to be fulfilled to validate one’s code signing certificate. The three main things that must be verified before issuance of a code signing certificate are:

1. The legal existence of the organization or individual named in the Organization field of the certificate must be verified.

2. The email to which the code signing certificate is to be sent must be [email protected], where domain.com is owned by the organization named in the certificate.

3. A callback must be made to a verified telephone number for the organization or individual named in the certificate in order to verify that the person placing the order is an authorized representative of the organization.

As of June 1, 2023 Code Signing certificates will be:

Installed on a Sectigo token and shipped securely to the customer
Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.

Code Signing certificates are installed on a physical token and shipped to your location. We can only provide full refunds for products that have not been shipped. Once a product has shipped and within 30-days from order, we will refund the product cost, less shipping and token cost.

A Sectigo® code signing certificate starts at $206 per year when customers choose the three-year option. The cost goes up for shorter time periods and for EV code signing certificates.

Still Have Questions?

Our technical support team is ready to assist you in selecting the right certificate for you. Our experts are helping customers 24/7/365.
Simply chat with us now or reach us at [email protected] or by phone:

United States

+1 888 266 6361

International

+1 914 732 8446

Related Resources

Learn More

How long can digital certificates be valid?

Blog Post from Sectigo

Blog Post Jan 14, 2022

Learn about how the validity periods for digital certificates are determined and the benefits of digital certificates.

Certificates SSL / TLS Extended Validation (EV) Code Signing

Sectigo Team
Delivering Digital Trust

Learn More
Learn More

What Is Code Signing?

Blog Post from Sectigo

Blog Post Sep 09, 2021

Code signing is used to authenticate the originator and authenticity of a file. The identity is inserted directly into a program via code or with an executable file (.exe) by creating a digital signature through hashing a private key. The corresponding public key can be used to verify that the file is intact, original, and unmodified.

Sectigo Team
Delivering Digital Trust

Learn More
Learn More

Code Signing Best Practices

Blog Post from Sectigo

Blog Post Sep 09, 2021

Code signing and the use of digital certificates underpin the concept of trust in the modern technological landscape.

Sectigo Team
Delivering Digital Trust

Learn More