Sectigo Code Signing Certificate Features
- Publisher Identity Verification. The Sectigo Code Signing Certificate uses Organization Validation (OV), meaning Sectigo verifies your business identity before issuing the certificate. This validation process confirms your organization’s legal existence and operational status, so end users can see your verified publisher name when they install your software. Sectigo is also one of the few Certificate Authorities that offers an individual code signing certificate through Individual Validation (IV) for independent developers who don’t operate under a registered business. If you’re a solo developer, you can still get a Sectigo code signing certificate tied to your verified personal identity.
- No More Security Warnings. Once your code is signed, the digital signature replaces the “Unknown Publisher” warning with your actual company or developer name. Users see exactly who published the software and can verify that the code is intact. This has a direct impact on download rates, because most users will abandon an installation the moment a security warning appears.
- Free Timestamping. The certificate includes free timestamping, which records the exact time your code was signed. This is a practical feature that matters long-term: if you timestamp your digital signature, it remains valid even after the certificate itself expires. You won’t need to re-sign your software unless you change the code. Distributed applications stay trusted indefinitely.
- Unlimited Signing & Strong Encryption. There are no limits on how many files or applications you can sign with a single Sectigo Code Signing Certificate. One certificate covers your entire catalog for the duration of its validity period. The certificate uses SHA-256 hashing and supports 3072-bit or 4096-bit RSA key lengths, meeting all current industry encryption standards.
Platform Compatibility
The Sectigo Code Signing Certificate is fully compatible with Microsoft Authenticode, making it a trusted Windows code signing certificate for Windows 7, 8, 10, and 11. It also supports Java, Adobe AIR, Mozilla Objects, Microsoft Office VBA, Apple macOS, and Microsoft Silverlight. Note that kernel-mode driver signing for Windows 10 and later requires an EV Code Signing Certificate.
Supported file formats include .exe, .dll, .cab, .ocx, .msi, .jar, .xpi, and .xap in both 32-bit and 64-bit configurations.
Private Key Storage & Delivery
All code signing certificates now require private keys to be stored on hardware that meets FIPS 140-2 Level 2 or Common Criteria EAL 4+ standards. This is an industry-wide requirement set by the CA/Browser Forum, not specific to Sectigo.
By default, Sectigo ships a pre-configured USB hardware token with your certificate and private key already installed. You plug it in when you need to sign code. If you already have a compliant Hardware Security Module (HSM), whether on-premises or cloud-based through services like Google Cloud KMS or Azure Key Vault, you can choose the “Install on Existing HSM” option at checkout and provide key attestation. Key attestation is the process of proving your private key was generated and stored inside approved hardware.
Sectigo OV vs. EV Code Signing
This product page covers the standard Sectigo Code Signing Certificate (OV). Sectigo also offers an EV (Extended Validation) Code Signing Certificate, which involves a more thorough vetting of your organization’s identity and is required for certain use cases.
The main differences to consider: EV validation verifies additional details about your organization’s legal standing, physical address, and operational history. EV code signing is mandatory if you need to sign Windows kernel-mode drivers for Windows 10 and later. Both OV and EV certificates include a hardware token, support the same platforms, and use the same encryption standards.
Regarding Microsoft SmartScreen reputation, both OV and EV signed software build trust with the SmartScreen filter over time as users download and install your applications. EV certificates carry a stronger initial trust signal, but as of 2024, they no longer provide an instant bypass of SmartScreen warnings. Reputation develops organically for both validation levels based on download volume and publisher history.
If your use case calls for the highest validation level or you need kernel-mode driver signing, see the Sectigo EV Code Signing Certificate.
Validity, Pricing & Renewal
As of March 2026, the maximum validity for any newly issued code signing certificate is 460 days (approximately 15 months). This is an industry-wide change under CA/Browser Forum Ballot CSC-31, reducing the previous 39-month maximum. Multi-year plans are still available through SSL Dragon, but each certificate within the plan is capped at 459 days and will require annual reissuance.
The Sectigo Code Signing Certificate is an affordable code signing solution from the world’s largest CA. Check the code signing certificate price below and purchase with confidence. Compared to the cost of losing downloads to security warnings, a code signing certificate is a cheap investment. SSL Dragon offers competitive pricing, dedicated support, and a 25-day refund policy.
Sectigo Code Signing Certificate FAQ
Is the Sectigo Code Signing Certificate the same as Comodo Code Signing?
Yes. Sectigo was formerly Comodo CA until the 2018 rebrand. The Sectigo Code Signing Certificate is the same product with the same trust roots, validation process, and platform support. Only the brand name changed. You may also see this product referred to as a Comodo code signing SSL or Sectigo code signing SSL, but these are the same certificate.
What platforms does the Sectigo Code Signing Certificate support?
It supports Microsoft Authenticode (Windows 7 through 11), Java, Adobe AIR, Mozilla Objects, Microsoft Office VBA, Apple macOS, and Microsoft Silverlight. Supported file formats include .exe, .dll, .cab, .ocx, .msi, .jar, .xpi, and .xap.
How is the private key delivered?
By default, Sectigo ships a FIPS 140-2 Level 2 compliant USB hardware token with the certificate and private key pre-installed. If you have your own compliant HSM, you can select the “Install on Existing HSM” option during checkout.
What’s the difference between OV and EV Code Signing?
OV (Organization Validation) confirms your business identity and covers most signing needs. EV (Extended Validation) involves stricter verification and is required for Windows kernel-mode driver signing. Both include a hardware token and support the same platforms.
Can individual developers get a Sectigo Code Signing Certificate?
Yes. Sectigo is one of the few Certificate Authorities that offers an individual code signing certificate through Individual Validation (IV), allowing solo developers without a registered business to obtain a certificate tied to their verified personal identity.
Does timestamping keep my signature valid after the certificate expires?
Yes. When you timestamp your digital signature at the time of signing, it records proof that the code was signed while the certificate was active. The signature remains valid indefinitely, even after the certificate’s expiration date. You only need to re-sign if you modify the code.
What changed about code signing certificate validity in 2026?
The CA/Browser Forum reduced the maximum validity period from 39 months to 460 days (about 15 months) under Ballot CSC-31, effective March 1, 2026. Multi-year subscriptions are still available, but each issued certificate within the plan is limited to 459 days before reissuance is required.
