Table of Contents

Code Signing Certificates are a means for developers on all platforms to digitally sign their applications and software that they make available over the internet. Signed code is marked with the name of the publisher, providing protection against the introduction of malware and other subsequent modifications.

Introduction

All Code Signing Certificates use a unique cryptographic hash to bind the identity of the publisher to the software. Security warnings displayed for unsigned code are replaced with information about the publisher of the software. This helps prevent users from aborting the installation out of uncertainty. Code signing therefore adds an important level of trust to the installation process.
Code signing shows that the signed software is authentic, comes from a known software vendor and that the code has not been modified since it was signed. Code signing helps to alleviate users’ security concerns, reducing the number of installation abortions. It also prevents  the code from being changed with malicious intent or the identity of a trusted software vendor from being misused by others.

Feature overview

Here is a brief overview of the features included for Code Signing Certificates:

  • A single Code Signing Certificate for all applications:
    • Microsoft Authenticode
    • Adobe AIR
    • Apple OS X
    • SunJava
    • Mozilla & Netscape Objects
    • Macros & VBA
  • Eliminates "Unknown Publisher" security warnings when downloading code
  • Due to the time stamp service, the signature does not expire, even if the certificate expires
  • Signs an unlimited number of applications
  • Protects your brand and reputation

Features

Code Signing CertificateEV Code Signing Certificate

Information displayed in the certificate

Company name

Company name
Company address
Type of company

Eliminates the "Unknown Publisher" security warnings

(tick)(tick)

Instant reliability with Microsoft Smartscreen

(error)(tick)

Sign an unlimited number of applications

(tick)(tick)

Compatible with popular platforms (MS Authenticode, Office VBA, Java, Adobe AIR, Mac OS, Mozilla)

(tick)(tick)

Signature does not expire when time stamp is applied

Time stamp available and recommendedTime stamp available and recommended

Ordering a Code Signing Certificate

Enclosed are some brief overviews of the process flow for ordering code signing.

DigiCert and Sectigo

  1. Orders are carried out via our systems
  2. A CSR is mandatory to place an order
  3. Verification of the company takes place on the basis of the commercial register entry and a telephone verification
  4. The email with the certificate is sent
  5. The certificate is ready for use immediately

GlobalSign

  1. Orders are carried out via our systems
  2. A CSR is mandatory to place an order
  3. A pickup password is mandatory to place an order
  4. Verification of the company takes place on the basis of the OV or EV guidelines
  5. The USB token is sent by a service provider located in Germany
  6. The email with download link is sent simultaneously
  7. After receiving the USB token, the certificate is downloaded via the SafeNet Authentication Client with link and password
  8. After installation, the certificate is ready for use

Note

The USB token is sent on behalf of GlobalSign by a service provider based in Germany. The initial password of the USB token is 0000. 
We recommend changing the password of the USB token by using SafeNet Authentication Client before installing the certificate.

General notes

For some applications, it may be necessary to convert the delivered Code Signing Certificate. Use tools like the MS SSL ToolKit for this.
IInstructions for using the included time stamp function can be found under the following links:

Depending on the CA, the delivery of the Code Singing Certificate varies:


Code Signing CertificateEV Code Signing Certificate
DigiCertBy email-
GlobalSignCryptographic USB token (incl.)Cryptographic USB token (incl.)
SectigoBy email-

The USB token is sent free of charge by GlobalSign and is already included in the basic price of the certificate. A cancellation of the USB token is not possible.
If the USB token is shipped outside the EU, customs duties may be incurred under certain circumstances, which are to be borne by the certificate holder.