GoGetSSL EV Code Signing

The CodeSigning certificate was specifically developed for increasing the trustworthiness of your software products. This type of certificate protects your digital downloadable goods, like scripts or codes, by signing them and guaranteeing their authenticity and integrity. This certification brings a greater level of your customers’ trust, by ensuring them that your content is safe and it belongs to your company. Moreover, the Authenticode Technology guarantees that if the code will be damaged after being signed, the digital signature will break and alert the client that the software is no longer credible.

CodeSigning certificates are Business Validation (BV) and Personal Validation SSL certificates. The Business Validation SSLs require Certificate Authority’s (CA’s) authentication through providing your company’s documents, along with performing domain validation by email. The Personal Validation requires personal identification verification of the owner. The entire validation process may take up to 2 or 3 business days to issue your CodeSigning certificate that will serve as a third party guarantee for the authenticity of your digital goods.

You can find our full list of CodeSigning certificates at this link.

The main differences between Sectigo/GoGetSSL EV Code Signing and a regular code signing certificate from Sectigo/GoGetSSL are the following two major features:

Extended Validation – offers the highest level of trust since Sectigo verifies the publisher’s authenticity rigorously

Two-factor authentication – the main requirement to store the private key on an external hardware token, provided by mail by Sectigo/GoGetSSL in order to avoid any unauthorized access or malicious usage. Since the private key is stored only on this token, this feature drastically reduces the number of people who can access it, therefore protecting the key from being compromised. 

When you configure your Sectigo/GoGetSSL Code Signing SSL Certificate, it is best to use some specific browsers for that. Here is an article that describes which browsers are best to use for configuring a Sectigo/GoGetSSL Code Signing Certificate.

When you configure your Sectigo/GoGetSSL Code Signing Certificate, make sure that “Advanced Private Key Options” is visible to you in the same way it is shown in the screenshot from the right. Internet Explorer is always a good option to configure your Sectigo/GoGetSSL Code Signing Certificate.

For Mac Users, please see the following 2 resources:

• How to Import and Export a Client Personal Authentication Certificate on Mac OS X Keychain Access
• Codesign Digital Signatures in Mac OS

Attention: The export instructions for Mac may produce a certificate that does not include the Root/Intermediate crt files. Please download the Root/Intermediate crt files and include them in the command for the Code Signing SSL.

Here are the steps that you need to do in order to reissue your Sectigo/GoGetSSL Code Signing Certificate:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Sectigo/GoGetSSL Code Signing Certificate initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Sectigo/GoGetSSL Code Signing SSL.
4) Follow the steps and instructions that come next, until you complete the Sectigo/GoGetSSL Code Signing Certificate reissue.

The Private Key was generated on your machine when you configured your Sectigo/GoGetSSL Code Signing Certificate initially. The screenshot from the right shows the page where you configured your Sectigo/GoGetSSL Code Signing Certificate initially. As you can see in the screenshot, you were given instructions on how to check and backup your Private Key.

If you lost your Private Key, then you have to reissue your Sectigo/GoGetSSL Code Signing Certificate. You can do that by following the next steps:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Sectigo/GoGetSSL Code Signing Certificate initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Sectigo/GoGetSSL Code Signing SSL.
4) Follow the steps and instructions that come next, until you complete the Sectigo/GoGetSSL Code Signing Certificate reissue.

When you configure or re-configure your Sectigo/GoGetSSL Code Signing SSL Certificate, it is best to use some specific browsers for that. Here is an article that describes which browsers are best to use for configuring a Sectigo/GoGetSSL Code Signing Certificate.

To add your Company Name and TAX/VAT number, you have to login into your SSL Dragon Account and follow these steps:

1. Click on the “Hello, *Your Name*” button on the right top side of your account dashboard and select “Edit Account Settings”;
2. On the ‘My Details’ page, you will find the ‘Company Name’ and ‘Company TAX/VAT ID’ field;
3. Fill in these fields with the necessary information then click on ’Save Changes’. 

After you perform the above steps, your SSL Dragon account and all your invoices will be automatically updated with this information.

SaveSave

A code signing SSL certificate can be issued to an organization or an individual. The Sectigo validation requirements vary depending on who requests the code signing certificate.

Organization Validation Requirements according to Sectigo:

Organization validation verifies the following:

• Operational existence
• Physical existence
• Government-issued photo ID of the requestor
• Business phone number
• Order Authenticity

Operational Existence:

The Certificate Authority (CA) will verify your organization’s legal status and or DBA (doing business as) via your legal registration and other third-party trusted sources such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

Physical Existence:

The CA will verify your business address using the same procedure and trusted sources as during the operational existence verification.

Government-Issued Photo ID:

A copy of a government-issued photo ID is required to verify the requestor (admin contact) on the order. For the verification, you need to provide two documents:

• A copy of a government-issued photo ID such as a valid driver’s license, passport, national ID, or military ID that includes the name which matches the name on the order.
• A photo of the requestor holding the government-issued photo ID. The photo must clearly show the face and the government photo ID that is readable and can be compared to the copy provided in the document.

Phone Number:

The CA will verify your phone number via trusted third-party databases. 

Order Validation

To validate your information, a validation agent will attempt a callback. A person of authority to request the certificate must confirm the order. If the validation agent can’t complete any of these requirements, an email will be sent explaining the issue and offering additional details for a resolution.

Individual Validation Requirements:

Individual Validation differs from organizational validation because you’re not proving business credentials but personal identity. Two options are available for individual validation:

Option 1 documents:

• Prove identity via a government-issued photo ID that includes an address that matches the name and address on the order.
• A photo of you holding the government-issued photo ID. The photo must clearly show your face and the government photo ID that is readable and can be compared to the copy provided in the document.

Option 2 documents:

• A Face to Face document explaining the specific instructions and requiring a notary to attest to and notarize the forms.
• A notarized copy of a valid driver’s license, passport, national ID, or military ID that includes your name and matches the name on the order.
• The Face to Face personal declaration statement
• The Face to Face confirming person statement

Note: The face-to-face verification form should be filled and signed by a Notary authorized to conduct business in your area/country. 

How to submit documents

You can submit the documents to Sectigo by using one of the following methods:

• Upload directly to your order
• Use the Validation Manager (Your confirmation email contains a link to your order called the Validation Manager.)
• Upload documents as attached files to a case that you create via a ticket at Sectigo.