Secure Your Software with DigiCert Code Signing Certificates
Protect your code and build user trust with DigiCert Code Signing Certificates.
Secure Your Software with Confidence
Protect your software and establish trust with DigiCert’s industry-leading OV and EV Code Signing Certificates. By digitally signing your code, you assure users that your software is authentic and free from tampering. We've got you covered with OV and EV solutions that instantly boost your software's reputation and reduce security warnings. Choose DigiCert code signing from GeoCerts for seamless cross-platform compatibility and long-term security.
Get the DigiCert - Instilling Trust in Your Users Datasheet .
DigiCert Code Signing Certificates Comparison
| Feature | DigiCert OV Code Signing | DigiCert EV Code Signing |
|---|---|---|
| Validation Level | Organization Validation (OV) | Extended Validation (EV) |
| Verification Process | Verifies the organization’s identity | Most rigorous verification process, confirming legal, physical, and operational existence |
| SmartScreen Reputation | Builds over time | Instant Microsoft SmartScreen reputation |
| Security Warnings | Reduced | Minimal, due to immediate reputation boost |
| Private Key Storage | Must be stored on a secure hardware token * (as of Jun 2023) | Must be stored on a secure hardware token * |
| Certificate Display | Displays organization’s name on software installation | Displays organization’s name in download prompts in operating systems like Windows |
| Time Stamping | Yes | Yes |
| Cross-Platform Compatibility | Yes, including Windows, Mac OS, Java, etc. | Yes, including Windows, Mac OS, Java, etc. |
| Tamper-Proof Protection | Yes | Yes |
| Ease of Reissuance | Easy reissuance and replacement | Easy reissuance and replacement |
| Ideal For | Developers, small to medium businesses | Large enterprises, software with high distribution, or where maximum trust is required |
| Compliance | Meets industry standards and builds reputation over time for Microsoft's SmartScreen requirements | Meets and exceeds industry standards, with the highest level of compliance and provides instant Microsoft SmartScreen reputation |
* A DigiCert provided, compliant USB hardware token can be provided – $120.00 (USD)
Code Signing Key Benefits
- Boost User Trust. Users are more likely to trust and install software with a verified signature, reducing download abandonment rates.
- Protect Your Brand. Ensure that your software isn’t falsely attributed to another source, safeguarding your brand’s reputation.
- Maximum Trust. EV code signing certificates offer the highest level of trust, reassuring users that your software is from a legitimate, verified source.
- Compliance. Meet and exceed industry standards for software distribution, including Microsoft’s SmartScreen reputation requirements.
- Hardware Security. Your private keys are stored on a hardware token*, adding an extra layer of protection against theft or misuse.
Sign Faster with Ease on Multiple Platforms
Easily secure your code with wide range of of signing and management options.
DigiCert OV/EV code signing works with a variety of file types, including
- OpenSSL
- JAVA
- Authenticode
- Android
- GPG
- Debian
- Docker
- Nuget
- ClickOnce
Integration with Enterprise Systems
| CSPs on CI/CD Platforms | Client-side Libraries | Operating Systems & Platforms | Application Testing | Market Place Plug-in | HSMs & DPOD |
|---|---|---|---|---|---|
|
|
|
ReversingLabs | GitHub | Thales |
Code Signing Frequently Asked Questions
What is a Code Signing Certificate, and why do I need one?
A Code Signing Certificate is a digital certificate that allows software developers to sign their code, verifying the authenticity and integrity of the software. By using a Code Signing Certificate, you ensure that your software hasn’t been tampered with and that users can trust that it comes from a legitimate source. This helps prevent security warnings during download and installation, enhancing user confidence and trust.
What’s the difference between an OV and an EV Code Signing Certificate?
OV (Organization Validation) Code Signing Certificates validate the identity of the organization behind the software, providing a basic level of trust. EV (Extended Validation) Code Signing Certificates offer the highest level of trust with a more rigorous validation process and immediate recognition by Microsoft SmartScreen , which significantly reduces security warnings.
How does DigiCert’s EV Code Signing Certificate help with Microsoft SmartScreen?
DigiCert’s EV Code Signing Certificates offer instant recognition by Microsoft SmartScreen , which is a feature in Windows that protects users from downloading potentially malicious software. With an EV Code Signing Certificate, your software immediately gains reputation in SmartScreen, reducing or eliminating security warnings that could deter users from downloading or installing your application.
What platforms are supported by DigiCert Code Signing Certificates?
DigiCert Code Signing Certificates are compatible with all major platforms, including Microsoft Authenticode, Java, Adobe AIR, Mac OS, and Mozilla. This ensures that your software can be trusted across a wide range of environments and by users on various operating systems.
Which signing tools can be used with DigiCert Code Signing Certificates?
DigiCert Code Signing Certificates are highly versatile and can be used with a wide range of popular signing tools. These include Microsoft SignTool for Windows applications, jarsigner for Java applications, Apple's codesign for macOS applications, and signtool for Adobe AIR applications. These tools allow you to seamlessly sign your code, ensuring it is trusted and secure across different platforms.
How do time stamps work with Code Signing Certificates?
Time stamping your code signature ensures that your software remains valid even after your Code Signing Certificate expires. When a digital signature is time-stamped, it proves that the software was signed with a valid certificate at the time of signing, which helps maintain user trust long-term.
What are the new private key storage requirements for Code Signing Certificates as of June 1, 2023?
As of June 1, 2023, all Code Signing Certificates, including both OV and EV, require the private key to be stored on a secure hardware device, such as an HSM (Hardware Security Module) or a FIPS-compliant USB token. This change enhances security by ensuring that the private key used to sign your software is protected against tampering or theft. DigiCert can provide a FIPS-compliant USB token, which can be mailed directly to you, ensuring you meet these new requirements with ease.
Can I generate my own private key and CSR like I’ve done in the past?
Due to the new private key storage requirements introduced on June 1, 2023, for all Code Signing Certificates, you can only generate your own private key and CSR (Certificate Signing Request) if you can attest that the key is being installed on an approved HSM (Hardware Security Module). If you cannot meet this requirement, DigiCert can provide a blank FIPS-compliant USB token, which will be mailed to you. Once you receive the device, you can securely generate and install the private key and certificate directly onto the token over the internet while logged into your GeoCerts CertCommand account. This ensures that your keys are securely stored and fully compliant with the latest security standards.
Can DigiCert provide a FIPS-compliant USB token for my code signing certificate, and how much does it cost?
Yes, DigiCert offers FIPS-compliant USB tokens that meet the latest code signing requirements. When you buy a code signing certificate, you can request this hardware token directly from DigiCert ($120 USD). It will be shipped to you, and the private key and certificate can be securely installed on the token through our CertCommand platform, ensuring full compliance.