SSL Dragon Single

GoGetSSL Code Signing EV SSL

GoGetSSL Logo
PayPalCredit/Debit Card via StripeBitcoin, Ethereum & Altcoins
Dedicated Support
GLEIF logo representing the Global Legal Entity Identifier Foundation
25 Days Refund

GoGetSSL Code Signing EV SSL is an Extended Validation code signing certificate built for organizations that need the strongest publisher identity verification available. It digitally signs your software, scripts, drivers, and executables with your verified company name, replacing Unknown Publisher warnings with a clear trust signal that encourages downloads and installations.

Issued through GoGetSSL’s Sectigo-rooted certificate chain, this certificate combines SHA-2 digital signatures, a 2048-bit RSA signing key, and FIPS 140-2 compliant hardware token delivery. It is available exclusively to registered businesses and organizations.

validation icon
Extended Validation
clock icon
Issued in 1-7 business days
mobile icon
Mobile friendly
trust-icon
Unlimited free reissues
Code Signing
Protects code; Keeps users safe
Emails & Documents
Verify Identity: Make your software more accessible
LEI code icon
Speed up with LEI: Quick Validation
paperwork icon
Validation methods: DV (EMAIL, DNS, HTTP / HTTPS) and EV (Public databases / Paperwork)

Key Features

  • Verified Publisher identity. Every file you sign displays your organization’s validated name in the digital signature. Users see your company as the confirmed source instead of an Unknown Publisher warning, which directly increases installation rates and user confidence.
  • SHA-2 digital signatures. The certificate uses SHA-2 hashing and a 2048-bit RSA signing key for strong, industry-standard cryptographic protection. Elliptic Curve Cryptography (ECC) is also available as an alternative signing algorithm for organizations that require it.
  • FIPS 140-2 hardware token. Your private key ships on a tamperproof USB eToken that meets FIPS 140-2 Level 2 requirements set by the CA/B Forum and NIST. If you already own a compatible token or HSM (Hardware Security Module), you can install the certificate on your existing device instead.
  • Timestamping. Adding a timestamp during signing locks in the signature’s validity at the moment of signing. Files you timestamp remain trusted even after the certificate expires, so your users never see outdated-signature warnings on previously distributed software.
  • Unlimited signing. There are no per-file fees or usage caps. One GoGetSSL Code Signing EV SSL certificate covers every executable, driver, script, and applet you need to sign.
  • No CSR required. GoGetSSL uses a streamlined enrollment process. You do not need to generate a Certificate Signing Request, which simplifies setup compared to certificates that require manual CSR creation.
  • 99.3% compatibility. The certificate works across desktop and mobile platforms without triggering browser or antivirus warnings, ensuring your signed software installs cleanly for virtually all users.

Supported Platforms and File Formats

GoGetSSL Code Signing EV SSL covers the major signing platforms and file types used in software distribution today.

  • Platforms. Microsoft Authenticode, Java (JAR signing), Adobe AIR, Apple macOS, Mozilla objects, Microsoft Office VBA, and Microsoft Silverlight (XAP). This range covers the vast majority of desktop, mobile, and enterprise signing workflows.
  • File formats. .exe, .dll, .cab, .msi, .ocx, .xpi, .xap, .jar, and kernel-mode software. Both 32-bit and 64-bit executables are supported.
  • Windows driver signing. EV code signing is required for access to the Windows Hardware Developer Center portal and for signing kernel-mode drivers on Windows 10 and Windows 11. If you develop or distribute Windows drivers, an EV code signing certificate is not optional.

EV Validation Process

Extended Validation for code signing involves a thorough verification of your organization’s legal identity before the certificate is issued. This is the most rigorous validation tier available.

The process starts with the certificate authority confirming your organization’s legal existence through government databases and Qualified Information Sources (QIIS). A phone callback to a verified number listed in an independent directory completes the identity check. Unlike standard (OV) code signing, which is available to both individuals and organizations with a simpler verification step, EV code signing is restricted to registered businesses.

Typical issuance takes 1 to 3 business days when documentation is complete. GoGetSSL can expedite the process to as little as a few hours in some cases. Organizations with a Legal Entity Identifier (LEI) code may see faster verification, as GoGetSSL supports LEI-based lookups to accelerate the organization validation step.

Private Key Security and Hardware Requirements

Since June 2023, the CA/B Forum requires all code signing certificates, both EV and non-EV, to store private keys on hardware that meets FIPS 140-2 Level 2 or Common Criteria EAL 4+ standards. This industry-wide mandate was introduced to reduce the risk of key compromise, which had been the primary attack vector in high-profile code signing breaches where stolen software-stored keys were used to sign malware.

For GoGetSSL Code Signing EV SSL, the most common delivery method is a preconfigured USB eToken shipped to your address via mail. You plug the token into your computer and sign files using your preferred tool (SignTool.exe, JarSigner, or similar). The private key never leaves the hardware device and cannot be exported.

If you already own a FIPS-compliant hardware token or HSM, you can choose to install the certificate on your existing device. Note that only specific token and HSM models are supported for this option. Check with support to confirm compatibility before selecting this delivery method.

This hardware requirement is now standard for the entire code signing industry. The difference between EV and OV code signing is no longer about key storage (both require hardware) but about the depth of organization validation and the trust indicators that come with it.

Microsoft SmartScreen and EV Code Signing

In March 2024, Microsoft announced changes to how SmartScreen interacts with EV code signing certificates. Beginning in August 2024, Microsoft began removing EV Code Signing OIDs from existing roots in the Trusted Root Program, moving toward treating all code signing certificates equally for SmartScreen reputation purposes.

This means EV code signing no longer guarantees an instant SmartScreen reputation bypass. SmartScreen trust now builds organically based on download volume and usage patterns, regardless of whether the signing certificate is EV or OV.

What EV code signing still provides: the highest level of publisher identity verification, your verified organization name displayed in the digital signature, and the strongest trust signal available for software distribution. It also remains a requirement for Windows kernel-mode driver signing and access to the Hardware Developer Center portal. The validation rigor behind EV has not changed; what changed is one specific Microsoft SmartScreen behavior.

Many pages selling EV code signing certificates still claim that EV provides instant SmartScreen bypass. That information is outdated and may lead to purchasing decisions based on a feature that no longer works as described.

GoGetSSL Code Signing EV SSL vs. Alternatives

vs. GoGetSSL Code Signing SSL (standard). The standard GoGetSSL Code Signing SSL is available to both individuals and organizations at a lower price point. Since June 2023, it uses the same hardware key storage as EV. The difference is validation depth: EV requires thorough organization verification and displays your verified company name, while OV uses a simpler identity check. EV is also required for Windows kernel-mode driver signing.

vs. GoGetSSL Cloud Code Signing. The cloud option eliminates the physical USB token entirely. It’s powered by DigiCert’s infrastructure and supports CI/CD pipeline integration, making it a better fit for distributed development teams. However, cloud code signing includes up to 1,000 signings per purchase (with additional credits available), while the token-based EV certificate offers unlimited signing. For single-developer or small-team workflows where a physical token is practical, the standard EV product is simpler and more cost-effective.

vs. DigiCert EV Code Signing. DigiCert is the premium option at a significantly higher price point. GoGetSSL EV code signing chains to Sectigo roots, while DigiCert certificates use DigiCert’s own root. Both meet the same CA/B Forum baseline requirements. DigiCert offers its KeyLocker cloud signing service as an add-on. For buyers who do not need DigiCert-specific infrastructure or brand preference, GoGetSSL provides equivalent functionality at a lower cost.

FAQ

Who can get a GoGetSSL Code Signing EV SSL certificate?

Only registered businesses and organizations. The Extended Validation process requires verifiable legal entity status. Individual developers and sole proprietors who are not registered as businesses should choose GoGetSSL Code Signing SSL (standard) instead, which supports individual validation.

How long does issuance take?

Typically 1 to 3 business days once all documentation is submitted and the phone callback is completed. With complete, accurate documentation, GoGetSSL can sometimes expedite the process to a few hours.

Does EV code signing still bypass Microsoft SmartScreen instantly?

No. Since March 2024, Microsoft has been moving toward treating all code signing certificates equally for SmartScreen reputation. EV code signing remains the highest-trust certificate type, but it no longer guarantees an instant SmartScreen bypass. Reputation now builds organically through download volume.

Do I need to generate a CSR?

No. GoGetSSL handles key generation on the hardware token. There is no need to create a Certificate Signing Request yourself.

What happens when my certificate expires?

Files that were signed and timestamped while the certificate was valid remain trusted indefinitely. Files signed without a timestamp will trigger warnings once the certificate expires. Always use timestamping when signing. For step-by-step instructions, see our code signing tutorials.

Refund

25 days

Certificate Encryption

Up to 256-bit

Key Encryption

2048 bit

Our Clients & Key Figures

Volvo logo
Netflix logo with a red background, displaying the text Netflix in white.
Koton logo featuring stylized text and a light background.
Dufry logo
Phillips logo
Northrop Grumman Logo
Yale logo
Harvard logo
Oxford Logo
Rockefeller Logo
Goodwill Logo
Sapient Logo
Hawaii Logo
Army Logo
Force Logo
Schneider Logo
Cisco Logo
Cornell Logo

Rated 4.8 out of 5 by 1239 customers

avatar-male-5
Christopher Broderick
June 15, 2022, , united kingdom
Great selection of certificates with a clear definition of properties for each certificate makes it easy to choose the right one.
avatar-male-3
Munro James
October 31, 2020, Victoria, AU

Easier and cheaper than going directly and ordering via the vendor, thank you for the information and the simple shopping experience.

avatar-female-4
Kelly Mark
October 29, 2020, Dublin, IE

Excellent customer service when I ordered the wrong cert! The support team then helped me get the correct cert and refunded me on the incorrect cert I bought! Very fast and a happy customer.

Real customers ratings and reviews at Shopper Approved. Read them all.