Digitally sign your software and code with a trusted Code Signing Certificate
The signature guarantees the identity of the signer and that the code has not been altered.
Order your code signing certificate from Certum, GlobalSign or Digicert today !
Who can apply for a code signing certificate?
A code signing certificate can be issued for natural persons (e.g. individual developers, sole traders) and registered companies and organizations (e.g. Ltd., Inc., LLC, associations, etc.).
However, only Certum currently issues certificates for individual developers and private persons.
How can I apply for a certificate?
Please order your code signing certificate online here: Buy Code Signing Certificate
After receipt of payment, you will receive a link to start the configuration online.
What is the difference between a Standard Code Signing Certificate and a Certificate with Extended Validation (EV)?
Code Signing Certificates with Extended Validation (EV) are subject to a very strict validation process and must be stored on a secure token (virtual or hardware). EV certificates can only be issued for companies that are registered in a commercial register. In addition to maximum security due a cryptographic token, only EV certificates enable immediate reputation with Microsoft SmartScreen. This is a major benefit especially for software startups that do not yet have high download rates.
Important steps for a smooth validation process
Since a Code Signing Certificate confirms the identity of the signer, the Certificate Authority must be able to verify your data through a trusted 3rd party source. The Certificate Authority will check the following details:
- – Name of person or legal entity name of your organization li>
- – Applicant’s address li>
- – Telephone number of the applicant li>
Individual software developers must provide their first and last name (e.g., “John Smith”), while registered companies must submit their application under their legal entity name (exactly as they are registered with local authorities).
Fictitious trade names (such as “XY Software” for a non-registered business) will not be accepted !
Validation of data must also be possible through a trusted third-party source, such as a government registry or corporate database like Dun&Bradstreet (DUNSĀ®).
How does the validation process work?
After submitting the application to the Certificate Authority, they compare your data with the DUNSĀ® database.
Therefore it is important to keep your DUNSĀ® record up to date. You can check your record here:
Ā -> DUNSĀ® Business Directory
In case you do not want to apply for a DUNSĀ® number, vetting can also be done using legalized documents.
Where can I download my Code Signing Certificate?
To collect your code signing certificate, please follow the link you have received in the fulfillment email.
Where can I download the certificate in PFX file format?
Due to new industry regulations, it is no longer possible to export a certificate (and its private key) in PFX format.
All code signing certificates and respective private keys must now be stored on a secure token.
Read more: -> New private key storage requirement for Standard Code Signing certificates