Key Features and Benefits of the Comodo Code Signing Certificate
- Organization and Individual Validation. The Comodo Code Signing Certificate is available with Organization Validation (OV) for registered businesses and Individual Validation (IV) for independent developers. OV requires the CA to verify your business registration, physical address, and phone number through government databases or approved third-party directories. IV requires a government-issued photo ID along with a notarized document or selfie-based identity check. Sectigo is one of the few Certificate Authorities that still offers an individual code signing certificate, making this product accessible whether you operate as a registered company or as a solo developer. Validation typically completes within 1 to 3 business days.
- Publisher Identity and Trust. Every time a user downloads or installs your signed software, their operating system displays your verified organization or individual name as the publisher. This replaces the “Unknown Publisher” warning that browsers and platforms show for unsigned code. Removing that warning directly improves download completion rates and builds long-term trust in your software brand.
- Code Integrity Protection. Signing with the Comodo Code Signing Certificate produces a digital signature using SHA-2 (SHA-256) hashing and a 3072-bit RSA key pair: the private key signs the hash of your file, and the public key in the certificate lets the user's system verify it. This signature is cryptographically bound to the contents of your file. If anyone modifies the code after signing, even by a single byte, signature verification fails and users are warned that the software has been tampered with.
- Timestamping. The certificate supports SHA-2 timestamping, which records the exact date and time of each signing event. This is critical because it keeps your digital signatures valid indefinitely, even after the certificate itself expires. Without a timestamp, every signature stops validating once the signing certificate expires, and users would see warnings when trying to install previously signed software.
- Unlimited Signing. There are no restrictions on the number of files you can sign during the certificate’s validity period. Whether you sign one application or hundreds of builds, there are no per-file fees or signing caps.
Supported Platforms and File Types
The Comodo Code Signing Certificate works across all major signing platforms, supporting both 32-bit and 64-bit portable executables. The table below lists the platforms and file types you can sign.
| Platform | Supported File Types |
|---|---|
| Microsoft Authenticode | .exe, .dll, .cab, .msi, .ocx, .sys, kernel-mode software |
| Java | .jar files |
| Adobe AIR | Adobe AIR applications and plug-ins |
| Microsoft Office | VBA macros |
| Mozilla | Mozilla objects and plug-ins |
| Microsoft Silverlight | Silverlight applications |
For Windows code signing via Microsoft Authenticode, the standard tool is Microsoft’s SignTool.exe, which is included in the Windows SDK. For Java, signing is handled through Jarsigner. Detailed setup instructions for each platform are available in our code signing tutorials.
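
The integrity and timestamping points above can be checked before a release ships. The following is an added example, not part of the original page or any Sectigo tooling: it uses PowerShell's built-in `Get-AuthenticodeSignature` to confirm that each build artifact has a valid signature, names the expected publisher, and carries a timestamp countersignature. The `.\dist` directory and the publisher string are placeholder assumptions.

```powershell
# Added example: pre-release gate for Authenticode-signed build output.
# Assumptions: '.\dist' and the publisher string are placeholders.
param(
    [string]$ArtifactDir = '.\dist',
    [string]$ExpectedPublisher = 'Example Publisher Ltd',
    [int]$MinRsaBits = 3072
)

$files = Get-ChildItem -Path $ArtifactDir -Recurse -File -Include *.exe, *.dll, *.msi
if (-not $files) {
    Write-Warning "No signable artifacts found under $ArtifactDir"
    exit 1
}

$failed = $false
foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $problems = @()

    # 'Valid' requires a matching file hash and a trusted chain.
    # 'HashMismatch' = modified after signing; 'NotSigned' = no signature.
    if ($sig.Status -ne 'Valid') { $problems += "signature status is $($sig.Status)" }

    $cert = $sig.SignerCertificate
    if ($cert) {
        if ($cert.Subject -notlike "*$ExpectedPublisher*") {
            $problems += "unexpected publisher '$($cert.Subject)'"
        }
        # Key-size check applies to RSA certificates only; $rsa is $null otherwise.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
            $problems += "RSA key is $($rsa.KeySize) bits, expected at least $MinRsaBits"
        }
    }

    # Without a timestamp countersignature the signature stops validating
    # when the signing certificate expires.
    if (-not $sig.TimeStamperCertificate) { $problems += 'no timestamp countersignature' }

    if ($problems) {
        $failed = $true
        Write-Warning "$($file.Name): $($problems -join '; ')"
    } else {
        Write-Output "$($file.Name): OK, timestamped, signed by $($cert.Subject)"
    }
}

if ($failed) { exit 1 }
```

Run it as the last step of a build so that an unsigned, modified, or untimestamped file fails the pipeline with a non-zero exit code.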
Private Key Storage and Delivery Options
Since June 2023, the CA/Browser Forum requires all code signing certificate private keys to be generated and stored on a hardware security module (HSM) or token that meets the NIST FIPS 140-2 Level 2 or Common Criteria EAL 4+ standards. This is an industry-wide requirement that applies to every Certificate Authority, not just Sectigo.
When you purchase a Comodo Code Signing Certificate, you can choose from the following delivery methods:
- CA-shipped USB token. Sectigo ships a preconfigured FIPS-compliant eToken with your certificate and private key already installed. You plug it into your computer and start signing immediately. This is the simplest option and what we recommend for most buyers.
- Install on an existing HSM or token. If you already own a compliant hardware device such as a YubiKey 5 FIPS or a Luna Network HSM, you can download the certificate and install it on your existing hardware.
- Cloud HSM. For teams using automated build pipelines, the certificate can also be installed on cloud-based HSMs including Google Cloud KMS. This option integrates with CI/CD workflows where a physical token connected to a build server is not practical.
Token shipping is available within the United States and Canada as standard, with international shipping offered at additional cost. Expedited shipping options are also available depending on your region.
Comodo Code Signing vs. Comodo EV Code Signing
Sectigo offers two tiers of code signing under the Comodo brand: the standard OV certificate covered on this page and the Comodo EV Code Signing Certificate, which provides Extended Validation. The comparison below covers the practical differences.
| Feature | Comodo Code Signing (OV/IV) | Comodo EV Code Signing |
|---|---|---|
| Validation Level | Organization or Individual | Extended Validation (organizations only) |
| Issuance Time | 1–3 business days | 1–7 business days |
| Unknown Publisher Warning | Removed | Removed |
| Microsoft SmartScreen Reputation | Builds organically over time | Higher initial trust level, but still builds organically since March 2024 |
| Windows Kernel-Mode Driver Signing | Not supported | Supported (required by Microsoft) |
| Private Key Storage | FIPS 140-2 Level 2 HSM or token | FIPS 140-2 Level 2 HSM or token |
| Starting Price | $219/yr | $287/yr |
A note on Microsoft SmartScreen: prior to March 2024, EV certificates provided instant SmartScreen reputation. Microsoft has since changed this behavior. Both OV and EV now build reputation organically through download volume and publisher history, though EV still carries a higher initial trust level.
EV is required if you need to sign Windows kernel-mode drivers or if you want the strongest available identity assurance for enterprise distribution. For most other use cases, the standard Comodo Code Signing Certificate provides everything you need at a lower cost.
Is Comodo Code Signing the Same as Sectigo Code Signing?
Yes. Comodo CA was acquired by Francisco Partners in 2017 and officially rebranded to Sectigo in November 2018. The certificates, root trust chains, validation procedures, and issuing infrastructure are identical. When you purchase a Comodo Code Signing Certificate, Sectigo is the Certificate Authority that validates your identity and issues the certificate.
The Comodo product name remains in the catalog because of its strong brand recognition among developers and IT professionals. Functionally, there is no difference between a “Comodo” and a “Sectigo” code signing certificate. If you prefer to shop under the current brand name, you can also find the same product on our Sectigo Code Signing Certificate page.
Frequently Asked Questions
What is a Comodo Code Signing Certificate?
It is a digital certificate from Sectigo that lets you digitally sign software, scripts, and executables. It verifies your identity as the software publisher and protects code integrity by detecting any tampering after signing.
What file types can I sign with Comodo Code Signing?
You can sign Microsoft Authenticode files (.exe, .dll, .cab, .msi, .ocx, .sys), Java .jar files, Adobe AIR applications, Microsoft Office VBA macros, Mozilla objects, and Silverlight applications. The certificate supports both 32-bit and 64-bit executables.
How long does validation take?
Organization Validation typically takes 1 to 3 business days. Individual Validation takes a similar amount of time, depending on how quickly you submit the required documents. Having your business listed in a recognized directory such as Dun & Bradstreet, the Better Business Bureau, or a government registration database can speed up the process. For a step-by-step walkthrough, see our Sectigo/Comodo code signing validation guide.
Do I need a hardware token or HSM?
Yes. Since June 2023, all publicly trusted code signing certificates require the private key to be stored on FIPS 140-2 Level 2 (or Common Criteria EAL 4+) compliant hardware. You can receive a preconfigured USB token shipped by the CA, install the certificate on your own compliant HSM or YubiKey, or use a supported cloud HSM such as Google Cloud KMS.
Will Comodo Code Signing remove Microsoft SmartScreen warnings?
Signing your software removes the “Unknown Publisher” warning that appears during installation. SmartScreen reputation is a separate mechanism that builds organically based on download volume and publisher history. Neither OV nor EV certificates guarantee instant SmartScreen trust. Consistently signing your releases and growing your install base is the most effective approach.
What is the difference between Comodo Code Signing and Comodo EV Code Signing?
The standard Comodo Code Signing Certificate uses Organization or Individual Validation, while the EV version requires Extended Validation (available to organizations only). EV is required for signing Windows kernel-mode drivers and provides a higher initial trust level with Microsoft SmartScreen. See the comparison table above for a full feature breakdown.
How long is the certificate valid?
Multi-year packages are available at checkout. As of February 2026, the CA/Browser Forum has set a maximum certificate validity of 459 days per issuance. If you purchase a multi-year package, you will need to renew and reissue the certificate annually (we send reminders 30 days before each reissuance is due). Importantly, timestamping ensures that all your previously signed files remain trusted even after a certificate expires or is reissued.
