Code Signing Certificates
Limited-Time Offer
Lock in up-to 37% Savings on 3-year Code Signing certificates and receive a FREE token for 3-year orders placed this month.
The new CA/B Forum rules require all Code Signing Certificates be provisioned and shipped on hardware-based tokens. To save on annual token and shipping costs, we recommend purchasing 3-year certificates to pay only one token and one shipping charge saving 37% versus renewing annually. This month, we are also including a FREE token for all 3-year OV & EV Code Signing Certificates—a $50 value!
3
Years of worry-free
code signing
Code Signing Certificate
FIPS-Compliant Device Delivery
Up to 40% off with multi-year.
- Free token with 3-year certificate
- Meet CA/Browser Forum authentication standards and Microsoft specifications
- Establishes reputation in Windows, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
- Increase user confidence by showing the identity of the signing party before applications are run
- Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
- Includes timestamp functionality for continued operation even after the code signing certificate has expired
EV Code Signing Certificate
Highest level of Security
Up to 32% off with multi-year.
- Extended validation (EV) offers highest level of security
- Free USB token with 3-year certificate
- Meet CA/Browser Forum authentication standards and Microsoft specifications
- Establishes reputation in Windows 8.0 and later, Internet Explorer 9 and later, Microsoft Edge, and Microsoft SmartScreen® Application Reputation filter
- Increase user confidence by showing the identity of the signing party before applications are run
- Protects private key from theft via hardware token and PIN
- Supports all major 32-bit/64-bit formats, including Microsoft Authenticode (kernel and user mode files, like .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications
- Includes timestamp functionality for continued operation even after the code signing certificate has expired
What changed?
Starting June 1, 2023, the CA/B Forum changed the OV Code Signing regulations to require all Certificate Authorities (CAs) to ensure that the subscriber’s private key is generated, stored, and used in suitable FIPS-compliant hardware.
Requirements for private keys used with EV code signing certificates have been stronger than OV code signing certificates which are more relaxed.
The new rules are intended to reduce the potential misuse of code signing certificates and to further protect those certificates from getting into the wrong hands by making key protection requirements for OV code signing certificates the same as EV code signing certificates.
As of June 1, 2023, you will no longer be able to issue your standard OV code signing certificates. All code signing certificates issued after June 1, 2023 will be:
Installed on a token and shipped securely to the requester
Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. USB tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.
Intuitive Dashboard
In our customer dashboard, you'll be able to view all products you have with Sectigo, view their lifecycle status, issue or reissue, and renew expiring certificates, saving you time and fear that an expired certificate may down your site at an unexpected time.
Trusted by Leading Brands Globally
Securing some of the world’s largest and best-known brands.
How they work
Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts, and libraries, to confirm that the software has not been tampered with by any outside source. The code signing process works by using public key cryptography and code hash functioning to digitally sign data, verify identity, and confirm the software code’s integrity is valid. The end user will receive an error or warning if the code does not have a valid digital signature.
FAQs
Have another question?
Reach us by chat in the lower-right corner.
A code signing certificate allows software developers to add digital signatures to code and to include information about themselves and the integrity of their code within their software. The end users that download digitally signed 32-bit or 64-bit executable files (.exe, .ocx, .dll, .cab, and more) can be confident that the code really comes from a verified developer and there was no tampering by a third party since it was signed.
Extended validation code signing certificates work the same way as organization validation (OV) code signing certificates but they require a more comprehensive vetting process before a certificate is issued.
A code signing service is an online cloud-based solution which provides signatures for code binaries. The developer’s certificate is maintained securely in the cloud. The developer or signee does not have to send the entire file to be signed, a hash code will suffice. The service provides security, convenience, and scalability.
There are certain requirements that need to be fulfilled to validate one’s code signing certificate. The three main things that must be verified before issuance of a code signing certificate are:
1. The legal existence of the organization or individual named in the Organization field of the certificate must be verified.
2. The email to which the code signing certificate is to be sent must be someone@domain.com, where domain.com is owned by the organization named in the certificate.
3. A callback must be made to a verified telephone number for the organization or individual named in the certificate in order to verify that the person placing the order is an authorized representative of the organization.
As of June 1, 2023 Code Signing certificates will be:
- Installed on a Sectigo token and shipped securely to the customer.
- Available as a download to be installed on the customer’s own HSM. The hardware devices (e.g. tokens, HSMs, etc.) must be FIPS-compliant and support externally verifiable key attestation.
Code Signing certificates are installed on a physical token and shipped to your location. We can only provide full refunds for products that have not been shipped. Once a product has shipped and within 30-days from order, we will refund the product cost, less shipping and token cost.
A Sectigo® code signing certificate starts at $209 per year when customers choose the three-year option. The cost goes up for shorter time periods and for EV code signing certificates.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
