Code Signing

All Business Validation Certificate Authorities Changes Code Signing Configuration CPAC CSR Code CSR Decoder CSR Generation Tutorials CSR Generator DigiCert Domain Validation Extended Validation General Install SSL Certificates Installation IP Address LEI Multi Domain Payments Private Key Renewal S/MIME Types Updates Wildcard
How to Generate CSR for a Code Signing Certificate?

Starting June 1st, 2023, improved security measures mandate that private keys for standard code signing certificates be exclusively stored on FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent certified hardware. This change aligns with the stringent protection standards of EV code signing certificates. Consequently, Certificate Authorities (CAs) ceased supporting browser-based key generation, CSR creation, and installation processes. Instead, opting for the token+ shipment method when requesting the certificate will prompt the CA to create the CSR. Those preferring HSM installation must refer to the instructions below or the respective provider’s guidelines.

Learn more about code signing certificate delivery methods.

Copy Link

How to Pass Organization Validation for a DigiCert/GoGetSSL Code Signing Certificate?

The DigiCert/GoGetSSL code signing Organization Validation (OV) process involves five steps:

  1. Organization Authentication: The CA confirms legal registration and active status, comparing information with official records or submitted documents.
  2. Physical Address Validation: DigiCert cross-references business addresses with government websites and reputable directories to ensure physical presence.
  3. Phone Number Verification: The Ca validates the organization’s phone number through third-party directories or official records.
  4. Verification Call: A DigiCert agent Initiates a call to the authorized representative, using a verified phone number, or provides a voicemail option if needed.
  5. Final Approval: The Ca internally reviews details and sends email instructions for certificate collection upon successful validation.

For full information, refer to our extensive guide on Organization Validation for Digicert/GoGetSSL certificates.

Copy Link

How to Pass Individual Validation for a GoGetSSL Code Signing Certificate?

To obtain a GoGetSSL code signing certificate as an individual, follow these steps:

Confirm Identity

Complete an attestation letter and undergo a video check using your webcam. The CA will verify your photo ID and your identity. If you don’t have a passport, provide two IDs: an official one with your photo and name, and a second one with your name.

Phone Verification

Verify your phone number’s validity and activity. A Google Business source is accepted.

Final Verification Call

Answer a few questions during a phone call with a CA agent to confirm your application details.

For more information check the full guide on how to pass Individual Validation for a GoGetSSL code signing certificate.

Copy Link

How to Pass Individual Validation for a Sectigo/Comodo Code Signing Certificate?

Here are the steps required to pass Individual Validation for a Sectigo/Comodo code signing certificate:

Photo ID Option:

  • Submit a government photo ID.
  • Send a selfie with your ID.
  • Open Sectigo ticket.
  • Receive the case number.

Face-to-Face Option:

  • Provide ID and financial proof.
  • Include non-financial address document.
  • Complete Personal Statement Declaration.
  • Notarize documents.
  • Open Sectigo ticket.
  • Get the case number.

Please note that this is a concise overview. Refer to the detailed Individual Validation instructions for Sectigo/Comodo Code Signing certificates.

Copy Link

What are the Code Signing Certificate Delivery Methods?

The latest Ca/Browser Forum guidelines require Code Signing certificates to be delivered on physical USB tokens or installed on an existing Hardware Security Module (HSM). Check the complete guide to code signing delivery methods for more details.

Copy Link

How Long Do Code Signing Certificates Last?

Code signing certificates have a validity period of 1 to 3 years. With SSL Dragon, you can save a considerable amount of money on each Code Signing Certificate when you buy a multi-year subscription. The longer the validity period, the lower the price, and less certificate maintenance is required. Don’t miss out on our discounts, offers, and promotions!

Copy Link

Do I Need Code Signing?

If you distribute software or scripts to users, you should get a code signing certificate. It will authenticate your code and protect against tampering, allowing users to access and use your digital products.

Copy Link

Can I Create My Own Code Signing Certificate?

You can create a code signing certificate, but it will be self-signed and not trusted by default on other systems. You should get a code signing certificate from a public CA for widespread trust and recognition.

Copy Link

How Much Does a Code Signing Certificate Cost?

The cost of a code signing certificate varies depending on the certificate authority (CA) and the type of certificate (Organization Validation or Extended Validation).

Copy Link

What Happens After Code Signing Certificate Expires?

The signed code remains valid, but users may see warnings or prompts indicating that the certificate has expired. You must obtain a new code signing certificate and re-sign your code to ensure continued trust and avoid warning messages.

Copy Link