SSL Dragon Single

Comodo EV Code Signing

Comodo logo
Billed
for
PayPalCredit/Debit Card via StripeBitcoin, Ethereum & Altcoins
A cheaper icon
Want Cheaper?
Buy Multiple Years
Dedicated Support
GLEIF logo representing the Global Legal Entity Identifier Foundation
25 Days Refund

Comodo EV Code Signing is an Extended Validation (EV) code signing certificate issued by Sectigo, the CA formerly known as Comodo CA since its November 2018 rebrand. It digitally signs your executables, drivers, applications, and scripts, replacing the “Unknown Publisher” warning with your verified publisher name and protecting your code from tampering.

Your private key is generated and stored on a FIPS 140-2 Level 2 (a U.S. government cryptographic security standard) compliant hardware device, either a USB token or your existing Hardware Security Module (HSM), a dedicated device for secure key storage. It can never be copied or stolen from a networked machine.

Combined with rigorous organizational vetting, this certificate is the strongest trust signal you can attach to your software. Sectigo verifies your organization’s legal registration, physical address, and operational existence, and confirms the authority of the individual requesting the certificate. Having a Legal Entity Identifier (LEI) can speed up the vetting process.

validation icon
Extended Validation
clock icon
Issued in 1-2 business days
mobile icon
Mobile friendly
trust-icon
Unlimited free reissues
Code Signing
Protects code; Keeps users safe
Emails & Documents
Verify Identity: Make your software more accessible
LEI code icon
Speed up with LEI: Quick Validation
paperwork icon
Validation methods: DV (EMAIL, DNS, HTTP / HTTPS) and EV (Public databases / Paperwork)

Is this the same as Sectigo EV Code Signing? Yes. Comodo CA rebranded to Sectigo in November 2018. This certificate is issued by Sectigo under the legacy Comodo product name. The root chain, validation process, and technical specifications are identical to the Sectigo-branded version. If you’ve searched for “Comodo code signing” or “Comodo EV certificate,” you’re in the right place.

Comodo EV Code Signing Certificate Benefits

  • Microsoft SmartScreen reputation. Signing with the Comodo EV certificate attaches your verified publisher name to every download, replacing the “Unknown Publisher” warning Windows users see when installing new software. Note: since March 2024, EV certificates no longer instantly bypass SmartScreen warnings, but they remain the highest-trust certificate type for building file reputation over time.
  • Tamper-proof digital signatures. Each signature applies a SHA-2 hash to your code, encrypted with your private key. If anyone modifies your software after signing, injects malware, or alters functionality, the signature breaks, and the user’s OS displays a warning. Your brand reputation stays protected.
  • Hardware-based private key protection. Unlike standard OV code signing, the Comodo EV certificate requires your private key to live on a FIPS 140-2 Level 2 compliant device. Choose between a preconfigured USB token (shipped to US, Canada, and international addresses) or installation on your existing HSM (Luna, YubiKey 5 FIPS, Google Cloud KMS, and other compliant modules). The key is non-exportable — it never leaves the hardware. You sign code using tools like Microsoft SignTool alongside the SafeNet Authentication Client that interfaces with your token.
  • Timestamping included. Every signature can include a trusted timestamp that preserves its validity indefinitely, even after your certificate expires. Without timestamping, your users would see warnings the moment the certificate’s validity period ends.
  • Cross-platform signing. One certificate covers Microsoft Authenticode (.exe, .dll, .cab, .msi, .ocx: 32-bit and 64-bit), Windows kernel-mode drivers, Java, Adobe AIR, Apple applications and plug-ins, Mozilla objects, Microsoft Office VBA macros, and Silverlight, with 99.3% browser compatibility.
  • CA/B Forum compliant encryption. RSA 3072-bit signature key (minimum), SHA-2 hashing, and optional Elliptic Curve Cryptography (ECC), meeting the latest NIST and CA/Browser Forum security standards.
  • Required for Windows kernel-mode drivers. An EV code signing certificate is the only certificate type accepted to register with the Windows Hardware Developer Center Dashboard. All kernel-mode drivers targeting Windows 10 (Build 1607+) must be submitted through the Dashboard for Microsoft co-signing, and that access requires a valid EV certificate on your account.
  • Annual reissuance on multi-year plans. Since February 2026, the CA/Browser Forum caps all code signing certificates at 459 days per issuance. If you purchase a multi-year plan, you’ll reissue once per year, the certificate and private key remain on your existing hardware token or HSM. We send reminders 30 days before each reissuance is due.

Comodo EV vs. OV Code Signing

OV Code Signing Comodo EV Code Signing
Validation Basic organization check Full legal, physical, and operational verification
Private key storage FIPS 140-2 hardware required (since June 2023) FIPS 140-2 Level 2 hardware required
SmartScreen reputation Builds organically Builds organically (post-March 2024)
Kernel-mode drivers Not accepted by Microsoft Required for Windows Hardware Developer Center
Publisher details shown Organization name Organization name, address, and jurisdiction
Issuance Typically faster 1–2 business days

 

Frequently Asked Questions

Is Comodo EV Code Signing the same as Sectigo EV Code Signing?

Comodo CA rebranded to Sectigo in November 2018. This certificate is issued by Sectigo under the legacy Comodo product name. The validation process, root trust chain, and technical specifications are identical to the Sectigo-branded version.

Can I sign Windows kernel-mode drivers with this certificate?

Yes. An EV code signing certificate is required to access the Windows Hardware Developer Center Dashboard, where all kernel-mode drivers for Windows 10 (Build 1607+) must be submitted for Microsoft co-signing.

Does EV code signing still bypass Microsoft SmartScreen instantly?

No. As of March 2024, Microsoft changed SmartScreen’s behavior. EV certificates no longer grant instant reputation. However, they remain the highest-trust certificate type and are still the recommended choice for building SmartScreen reputation.

What happens to my signed software when the certificate expires?

If you timestamped your code at signing (standard practice), the signature remains valid indefinitely. Code signed without a timestamp will trigger warnings after the certificate expires.

Can I export the private key from the USB token?

No. The private key is non-exportable by design. This is a CA/Browser Forum requirement for all code signing certificates since June 2023. If your signing workflow requires remote or CI/CD access, choose the HSM installation option instead.

I bought a multi-year plan. Do I need to do anything annually?

Yes. Since February 2026, code signing certificates are capped at 459 days per issuance. You’ll need to reissue annually. We send email reminders 30 days in advance, and the revalidation process is typically faster than the initial issuance.

Can I use this certificate in a CI/CD pipeline or automated build environment?

Yes, with one important constraint. If your certificate lives on a USB token, signing requires the token to be physically connected to the machine running the build — it cannot be accessed over Remote Desktop (RDP). For automated pipelines (GitHub Actions, Azure DevOps, Jenkins), choose the HSM installation option, which supports remote and cloud-based signing workflows. Contact support before ordering if you need to confirm HSM compatibility with your environment.

What file formats can I sign with this certificate?

The certificate supports all major executable and script formats: .exe, .dll, .cab, .msi, .ocx, .xpi, and .xap (32-bit and 64-bit), Windows kernel-mode and user-mode drivers, Java applets, Adobe AIR applications, Apple applications and plug-ins, Mozilla objects, Microsoft Office VBA macros, and Microsoft Silverlight applications.

Refund

25 days

Certificate Encryption

Up to 256-bit

Key Encryption

2048 bit

Secure Hash Algorithm

SHA-2

Our Clients & Key Figures

Volvo logo
Netflix logo with a red background, displaying the text Netflix in white.
Koton logo featuring stylized text and a light background.
Dufry logo
Phillips logo
Northrop Grumman Logo
Yale logo
Harvard logo
Oxford Logo
Rockefeller Logo
Goodwill Logo
Sapient Logo
Hawaii Logo
Army Logo
Force Logo
Schneider Logo
Cisco Logo
Cornell Logo

Rated 4.8 out of 5 by 1239 customers

avatar-male-2
Christopher Broderick
June 15, 2022, , united kingdom
Great selection of certificates with a clear definition of properties for each certificate makes it easy to choose the right one.
avatar-male-2
Munro James
October 31, 2020, Victoria, AU

Easier and cheaper than going directly and ordering via the vendor, thank you for the information and the simple shopping experience.

avatar-female-3
Kelly Mark
October 29, 2020, Dublin, IE

Excellent customer service when I ordered the wrong cert! The support team then helped me get the correct cert and refunded me on the incorrect cert I bought! Very fast and a happy customer.

Real customers ratings and reviews at Shopper Approved. Read them all.