Now that you’ve received a new FIPS 140-2 validated security key USB token with your EV Code Signing certificate in the mail, you may be wondering just what to do next. This FAQ answers common questions you may have about how to get started with your new certificate and USB token.
To sign files with your EV Code Signing certificate, simply plug the token into your computer, follow your software’s steps for signing code, and enter your YubiKey PIN.
• For instructions on using Microsoft SignTool and SSL Manager with your EV Code Signing certificate, please refer to our how-to, Using Your Code Signing Certificate.
• For instructions on using your EV code signing certificate with Java, please refer to our Java Code Signing Guide.
Signing kernel-mode and user-mode drivers in Windows 10 requires registration with the Windows Hardware Dev Center program. After you sign your driver with your EV certificate, it must be submitted to the Hardware Dev Center for signing by Microsoft. For complete information, please refer to Microsoft’s documentation:
• Kernel-Mode Code Signing Requirements
• Get started with the hardware dashboard program
• Register for the Hardware Program
Yes! The 3.0 release of SSL.com’s SSL Manager lets Windows users securely generate key pairs, order EV Code Signing and Business Identity certificates, and install certificates directly on their YubiKey from the application.
You can also generate key pairs and manage certificates on your YubiKey with Windows, macOS, and Linux computers via Yubico’s YubiKey Manager application. For more information, please read Key Generation and Attestation with Yubikey.
EV Code Signing certificate users can also use their certificate for hardware-free volume signing, team sharing, and CI/CD automation using the eSigner cloud signing platform. After ordering your EV Code Signing certificate, you can navigate to the user portal and begin the process there. Get more details on the process in this helpful guide.