Digitally sign your software and code with a trusted Code Signing Certificate
The signature guarantees the identity of the signer and that the code has not been altered.
Order your certificate from Sectigo (formerly Comodo CA), GlobalSign, thawte and Symantec today !
Who can apply for a code signing certificate ?
A code signing certificate can be issued for natural persons (e.g. individual developers, sole traders) and registered companies and organizations (e.g. Ltd., Inc., LLC, associations, etc.). However, only Sectigo currently issued certificates for individual developers.
How can I apply for a certficate ?
Please order your code signing certificate online here: Buy Code Signing Certificate
After receipt of payment, you will receive a configuration link and can configure your certificate.
What is the difference between a Standard Code Signing Certificate and a Certificate with Extended Validation ?
Code Signing Certificates with Extended Validation (EV) are subject to a very strict validation process and must be stored on a hardware token. EV certificates can only be issued for companies that are registered in a commercial register. In addition to maximum security due a hardware token, only EV certificates enable immediate reputation with Microsoft SmartScreen. This is a great benefit especially for software startups that do not yet have high download rates.
Important steps for a smooth validation process
During configuration, the private key and the Certificate Signing Request (CSR) are automatically created. Please use Internet Explorer 11 (or Safari on Mac) for the whole configuration process ! Other browsers (e.g. Edge, Chrome, Opera, etc.) are not supported.
Since a Code Signing Certificate confirms the identity of the signer, the Certificate Authority must be able to validate your data through a trusted 3rd party source. The Certificate Authority will check the following details:
- – Name of person or legal entity li>
- – Applicant’s address li>
- – Telephone number of the applicant li>
Individual developers must submit their name and surname (e.g.: “John Smith”) and registered companies must apply in the name of their legal entity (exactly as registered with local authorities).
Fictitious trade names (such as “XY Software” for a non-registered business) will not be accepted !
Validation of the data must be performed using a trusted third-party source.
Currently only the Dun & Bradstreet Business Database (DUNS®) is accepted by the Certificate Authorities.
How does the validation process work ?
After submitting the application to the Certificate Authority, they compare your data with the DUNS® database.
Therefore it is important to keep your DUNS® record up to date and also publish a valid the telephone number:
In case you do not want to apply for a DUNS® number, vetting can also be done using legalized documents.
Instructions for the so-called face-to-face validation conducted by Sectigo can be found here:
Sectigo Face-to-Face Verification Instructions
All documents must be certified by a lawyer or notary public !
Once the applicant’s data has been verified by the Certificate Authority, the Certificate Authority will initiate the automated callback.
You will receive a link to request an automatic call to the official phone number. After entering the verification code, the certificate will be issued within a few minutes.
Note: Verification of the telephone number is a mandatory step. It is essential that a valid telephone number is published in the DUNS® database.
Where can I download my Code Signing Certificate ?
To collect your code signing certificate, please follow the link you have received in the fulfillment email.
You must use the same browser and user profile that you have used during the configuration process.
During configuration, the private key was automatically created and stored in the browser’s trust store.
Without the private key you cannot use your certificate !
Where can I download my PFX file ?
To export your Code Signing Certificate in PKCS12 format (PFX) please follow these steps:
1) Please press Alt-X to open the Internet options
2) Click -> Content tab -> Certificates
3) Select your certificate and click the “Export” button
4) Choose the option “Yes, export the private key”
5) Enter an export password and download the certificate
1) Please open the Firefox browser on the PC you have used during the enrollment process
2) Click on -> Tools -> Options -> Advanced tab -> Certificates -> View Certificates
3) Please select your certificate from the list and click the “Backup” button
4) You can now export your private key and certificate in PKCS12 (PFX) format
Hint: If your signing application needs a different file extension (e.g. .pfx) please rename the exported file.