Summer Savings on Website Security
All summer long, protect your website with trusted SSL certificates at reduced prices — simple, secure, and cost-effective.
Get 10% off with coupon: SUMMER10

Starting June 1st, 2023, improved security measures mandate that private keys for standard code signing certificates be exclusively stored on FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent certified hardware. This change aligns with the stringent protection standards of EV code signing certificates. Consequently, Certificate Authorities (CAs) ceased supporting browser-based key generation, CSR creation, and installation processes. Instead, opting for the token+ shipment method when requesting the certificate will prompt the CA to create the CSR. Those preferring HSM installation must refer to the instructions below or the respective provider’s guidelines.
Learn more about code signing certificate delivery methods.
Copy Link
The DigiCert/GoGetSSL code signing Organization Validation (OV) process involves five steps:
For full information, refer to our extensive guide on Organization Validation for Digicert/GoGetSSL certificates.
Copy Link
To obtain a GoGetSSL code signing certificate as an individual, follow these steps:
Complete an attestation letter and undergo a video check using your webcam. The CA will verify your photo ID and your identity. If you don’t have a passport, provide two IDs: an official one with your photo and name, and a second one with your name.
Verify your phone number’s validity and activity. A Google Business source is accepted.
Answer a few questions during a phone call with a CA agent to confirm your application details.
For more information check the full guide on how to pass Individual Validation for a GoGetSSL code signing certificate.
Copy Link
Here are the steps required to pass Individual Validation for a Sectigo/Comodo code signing certificate:
Please note that this is a concise overview. Refer to the detailed Individual Validation instructions for Sectigo/Comodo Code Signing certificates.
Copy Link
The latest Ca/Browser Forum guidelines require Code Signing certificates to be delivered on physical USB tokens or installed on an existing Hardware Security Module (HSM). Check the complete guide to code signing delivery methods for more details.
Code Singing ceritficate lfiespan depends on both the Certificate Authority and the delivery method you choose.
DigiCert and GoGetSSL code signing certificates are issued for one year, regardless of whether you use a CA-provided token or your own hardware device.
Sectigo/Comodo code signing certificates are also issued for one year when using a Sectigo-provided token. Multi-year plans (up to three years) are available only when using your own supported HSM.
Copy Link
Code signing certificate validity depends on the provider and where the private key is stored.
DigiCert and GoGetSSL issue code signing certificates with a fixed one-year validity. It doesn’t matter if you use a CA-provided token or your own HSM. The term is always one year.
Sectigo (Comodo) works differently. If you use a CA-provided token, the certificate is also limited to one year. But if you store the private key in your own HSM, you can get a certificate valid for up to three years.
Copy Link
If you distribute software or scripts to users, you should get a code signing certificate. It will authenticate your code and protect against tampering, allowing users to access and use your digital products.
Copy Link
You can create a code signing certificate, but it will be self-signed and not trusted by default on other systems. You should get a code signing certificate from a public CA for widespread trust and recognition.
Copy Link
The cost of a code signing certificate varies depending on the certificate authority (CA) and the type of certificate (Organization Validation or Extended Validation).
Copy Link
The signed code remains valid, but users may see warnings or prompts indicating that the certificate has expired. You must obtain a new code signing certificate and re-sign your code to ensure continued trust and avoid warning messages.
Copy Link