Code Signing Certificates
What is code signing?
Code Signing is a method of using an X.509 certificate to place a digital signature on a file, program, or software update which guarantees that the file or software has not been tampered with or compromised. It’s a means of providing an added level of assurance to the user that the item is authentic and safe to use.
Software developers digitally sign their software programs, apps, and drivers, with code signing certificates to prevent tampering or compromise of applications by unauthorized parties.
These digital certificates are especially useful in applications that are distributed through the Internet, where applications can pass through a number of suspicious parties or websites before it finally gets downloaded and installed.
Unsigned applications can easily be altered to include malware or viruses, and these untrusted applications will display warning messages resulting in lower installation yields. A code signing certificate issued from a trusted Certificate Authority such as SSL.com can prevent all of those problems.
Code signing certificates can be enrolled to SSL.com eSigner cloud code signing service which lets you conveniently add globally trusted digital signatures and timestamps to your software code from anywhere, with no need for USB tokens, HSMs, or other special hardware.
- eSigner information is available on SSL.com’s main eSigner page. Please read Remote Code Signing with eSigner for information on enrollment and use
- eSigner CKA (Cloud Key Adapter) is also available, allowing tools such as SignTool.exe or Certutil.exe to use eSigner CSC for EV code signing operations
- Supports CI/CD integration for full automation of signings
Why should you use a Code Signing Certificate?
Organization Validation (OV) Code Signing Certificate
The SSL.com OV Code Signing Certificate is suitable for organizations like software publishing companies who wish to sign their software applications with an organization’s validated identity. The OV code signing certificate works best for teams that sign with a shared organizational identity.
Personal Identity Code Signing Certificate
The Personal Identity or Individual Validation (IV) Code Signing Certificate applies digital signatures with a validated personal name instead of an organization, perfect for independent software developers and individual project contributors who wish to increase confidence and trust from their users.
Which Level of Validation Code Signing Certificate do I Need?
Not sure which type of validation you need? Our table below breaks down the features between EV and OV certificates so you can make the right decision.
|Sign Windows 10 Drivers|
|Sign pre-Windows-10 Drivers|
|Instant Microsoft SmartScreen Reputation|
|Two-factor Authentication with USB Token or Cloud Signing Service|
|Available to Individuals Without a Registered Business|
|Trusted on Major Software Platforms|