SSL Dragon Single

Comodo Code Signing

Comodo logo
Billed
for
PayPalCredit/Debit Card via StripeBitcoin, Ethereum & Altcoins
A cheaper icon
Want Cheaper?
Buy Multiple Years
Dedicated Support
GLEIF logo representing the Global Legal Entity Identifier Foundation
25 Days Refund

The Comodo Code Signing Certificate is issued by Sectigo (formerly Comodo CA), one of the world’s largest commercial Certificate Authorities. It allows software developers and organizations to digitally sign their executables, scripts, and applications, verifying publisher identity and protecting code integrity. Once your software carries a valid digital signature, the “Unknown Publisher” warning that discourages downloads is replaced with your verified name, giving users the confidence to proceed. All purchases include a 25-day money-back guarantee.

validation icon
Business / Individual Validation
clock icon
Issued in 1-7 business days
mobile icon
Mobile friendly
trust-icon
Unlimited free reissues
Code Signing
Protects code; Keeps users safe
Emails & Documents
Verify Identity: Make your software more accessible
LEI code icon
Speed up with LEI: Quick Validation
paperwork icon
Validation methods: DV (EMAIL, DNS, HTTP / HTTPS) and EV (Public databases / Paperwork)

Key Features and Benefits of the Comodo Code Signing Certificate

  • Organization and Individual Validation. The Comodo Code Signing Certificate is available with Organization Validation (OV) for registered businesses and Individual Validation (IV) for independent developers. OV requires the CA to verify your business registration, physical address, and phone number through government databases or approved third-party directories. IV requires a government-issued photo ID along with a notarized document or selfie-based identity check. Sectigo is one of the few Certificate Authorities that still offers an individual code signing certificate, making this product accessible whether you operate as a registered company or as a solo developer. Validation typically completes within 1 to 3 business days.
  • Publisher Identity and Trust. Every time a user downloads or installs your signed software, their operating system displays your verified organization or individual name as the publisher. This replaces the “Unknown Publisher” warning that browsers and platforms show for unsigned code. Removing that warning directly improves download completion rates and builds long-term trust in your software brand.
  • Code Integrity Protection. The Comodo Code Signing Certificate generates a digital signature using SHA-2 (SHA-256) hashing and a 3072-bit RSA public key. This signature is cryptographically bound to the contents of your file. If anyone modifies the code after signing, even by a single byte, the signature breaks and users are warned that the software has been tampered with.
  • Timestamping. The certificate supports SHA-2 timestamping, which records the exact date and time of each signing event. This is critical because it keeps your digital signatures valid indefinitely, even after the certificate itself expires. Without a timestamp, all signatures made with an expired certificate become invalid, and users would see warnings when trying to install previously signed software.

Unlimited Signing. There are no restrictions on the number of files you can sign during the certificate’s validity period. Whether you sign one application or hundreds of builds, there are no per-file fees or signing caps.

Supported Platforms and File Types

The Comodo Code Signing Certificate works across all major signing platforms, supporting both 32-bit and 64-bit portable executables. The table below lists the platforms and file types you can sign.

Platform Supported File Types
Microsoft Authenticode .exe, .dll, .cab, .msi, .ocx, .sys, kernel-mode software
Java .jar files
Adobe AIR Adobe AIR applications and plug-ins
Microsoft Office VBA macros
Mozilla Mozilla objects and plug-ins
Microsoft Silverlight Silverlight applications

For Windows code signing via Microsoft Authenticode, the standard tool is Microsoft’s SignTool.exe, which is included in the Windows SDK. For Java, signing is handled through Jarsigner. Detailed setup instructions for each platform are available in our code signing tutorials.

Private Key Storage and Delivery Options

Since June 2023, the CA/Browser Forum requires all code signing certificate private keys to be generated and stored on a hardware security module (HSM) or token that meets the NIST FIPS 140-2 Level 2 or Common Criteria EAL 4+ standards. This is an industry-wide requirement that applies to every Certificate Authority, not just Sectigo.

When you purchase a Comodo Code Signing Certificate, you can choose from the following delivery methods:

  1. CA-shipped USB token. Sectigo ships a preconfigured FIPS-compliant eToken with your certificate and private key already installed. You plug it into your computer and start signing immediately. This is the simplest option and what we recommend for most buyers.
  2. Install on an existing HSM or token. If you already own a compliant hardware device such as a YubiKey 5 FIPS or a Luna Network HSM, you can download the certificate and install it on your existing hardware.
  3. Cloud HSM. For teams using automated build pipelines, the certificate can also be installed on cloud-based HSMs including Google Cloud KMS. This option integrates with CI/CD workflows where a physical token connected to a build server is not practical.

Token shipping is available within the United States and Canada as standard, with international shipping offered at additional cost. Expedited shipping options are also available depending on your region.

Comodo Code Signing vs. Comodo EV Code Signing

Sectigo offers two tiers of code signing under the Comodo brand: the standard OV certificate covered on this page and the Comodo EV Code Signing Certificate, which provides Extended Validation. The comparison below covers the practical differences.

Feature Comodo Code Signing (OV/IV) Comodo EV Code Signing
Validation Level Organization or Individual Extended Validation (organizations only)
Issuance Time 1–3 business days 1–7 business days
Unknown Publisher Warning Removed Removed
Microsoft SmartScreen Reputation Builds organically over time Higher initial trust level, but still builds organically since March 2024
Windows Kernel-Mode Driver Signing Not supported Supported (required by Microsoft)
Private Key Storage FIPS 140-2 Level 2 HSM or token FIPS 140-2 Level 2 HSM or token
Starting Price $219/yr $287/yr

A note on Microsoft SmartScreen: prior to March 2024, EV certificates provided instant SmartScreen reputation. Microsoft has since changed this behavior. Both OV and EV now build reputation organically through download volume and publisher history, though EV still carries a higher initial trust level.

EV is required if you need to sign Windows kernel-mode drivers or if you want the strongest available identity assurance for enterprise distribution. For most other use cases, the standard Comodo Code Signing Certificate provides everything you need at a lower cost.

Is Comodo Code Signing the Same as Sectigo Code Signing?

Yes. Comodo CA was acquired by Francisco Partners in 2017 and officially rebranded to Sectigo in November 2018. The certificates, root trust chains, validation procedures, and issuing infrastructure are identical. When you purchase a Comodo Code Signing Certificate, Sectigo is the Certificate Authority that validates your identity and issues the certificate.

The Comodo product name remains in the catalog because of its strong brand recognition among developers and IT professionals. Functionally, there is no difference between a “Comodo” and a “Sectigo” code signing certificate. If you prefer to shop under the current brand name, you can also find the same product on our Sectigo Code Signing Certificate page.

Frequently Asked Questions

What is a Comodo Code Signing Certificate?

It is a digital certificate from Sectigo that lets you digitally sign software, scripts, and executables. It verifies your identity as the software publisher and protects code integrity by detecting any tampering after signing.

What file types can I sign with Comodo Code Signing?

You can sign Microsoft Authenticode files (.exe, .dll, .cab, .msi, .ocx, .sys), Java .jar files, Adobe AIR applications, Microsoft Office VBA macros, Mozilla objects, and Silverlight applications. The certificate supports both 32-bit and 64-bit executables.

How long does validation take?

Organization Validation typically takes 1 to 3 business days. Individual Validation takes a similar timeframe depending on how quickly you submit the required documents. Having your business listed in a recognized directory such as Dun & Bradstreet, the Better Business Bureau, or a government registration database can speed up the process. For a step-by-step walkthrough, see our Sectigo/Comodo code signing validation guide.

Do I need a hardware token or HSM?

Yes. Since June 2023, all publicly trusted code signing certificates require the private key to be stored on FIPS 140-2 Level 2 (or Common Criteria EAL 4+) compliant hardware. You can receive a preconfigured USB token shipped by the CA, install the certificate on your own compliant HSM or YubiKey, or use a supported cloud HSM such as Google Cloud KMS.

Will Comodo Code Signing remove Microsoft SmartScreen warnings?

Signing your software removes the “Unknown Publisher” warning that appears during installation. SmartScreen reputation is a separate mechanism that builds organically based on download volume and publisher history. Neither OV nor EV certificates guarantee instant SmartScreen trust. Consistently signing your releases and growing your install base is the most effective approach.

What is the difference between Comodo Code Signing and Comodo EV Code Signing?

The standard Comodo Code Signing Certificate uses Organization or Individual Validation, while the EV version requires Extended Validation (available to organizations only). EV is required for signing Windows kernel-mode drivers and provides a higher initial trust level with Microsoft SmartScreen. See the comparison table above for a full feature breakdown.

How long is the certificate valid?

Multi-year packages are available at checkout. As of February 2026, the CA/Browser Forum has set a maximum certificate validity of 459 days per issuance. If you purchase a multi-year package, you will need to renew and reissue the certificate annually (we send reminders 30 days before each reissuance is due). Importantly, timestamping ensures that all your previously signed files remain trusted even after a certificate expires or is reissued.

Refund

25 days

Certificate Encryption

Up to 256-bit

Key Encryption

2048 bit

Secure Hash Algorithm

SHA-2

Our Clients & Key Figures

Volvo logo
Netflix logo with a red background, displaying the text Netflix in white.
Koton logo featuring stylized text and a light background.
Dufry logo
Phillips logo
Northrop Grumman Logo
Yale logo
Harvard logo
Oxford Logo
Rockefeller Logo
Goodwill Logo
Sapient Logo
Hawaii Logo
Army Logo
Force Logo
Schneider Logo
Cisco Logo
Cornell Logo

Rated 4.8 out of 5 by 1232 customers

avatar-male-2
Christopher Broderick
June 15, 2022, , united kingdom
Great selection of certificates with a clear definition of properties for each certificate makes it easy to choose the right one.
avatar-male-4
Munro James
October 31, 2020, Victoria, AU

Easier and cheaper than going directly and ordering via the vendor, thank you for the information and the simple shopping experience.

avatar-female-3
Kelly Mark
October 29, 2020, Dublin, IE

Excellent customer service when I ordered the wrong cert! The support team then helped me get the correct cert and refunded me on the incorrect cert I bought! Very fast and a happy customer.

Real customers ratings and reviews at Shopper Approved. Read them all.