Code Signing Certificates
A CERTASSURE code signing certificate uses authenticated digital signatures to assure users that they can trust your software so they feel confident about downloading and installing it.
A code signing certificate is valid for one to three years, depending on your purchase choice. Provided you opt for the timestamping option, all code that you signed before certificate expiry will continue to be trusted even after the certificate has expired.
*Starting @ $149/yr
Features and Benefits
- Customer confidence
- Guarantee of authenticity
- Protection for your business reputation and intellectual property
- Widely supported and compatible with all major formats
- Seamless integration with browsers
- Ease of use with vendor software tools, macros, and object development
The need for trusted code
In a highly competitive online marketplace, one challenge for a developer is making sure that customers get your original product and not a repackaged, counterfeit version with malicious code. Building customers’ trust is another.
When customers buy software from a store, they can easily verify who published the software and check that the packaging is still sealed. Before downloading applications online, however, customers have to weigh the benefits of software against potential risks to the security of their devices and data.
Applications signed with a code signing certificate show customers that the code comes from you and has not been altered or tampered with since it was created and signed.
When to use a code signing certificate
A CERTASSURE code signing certificate is ideal for:
- any software publisher planning to distribute code or content over the internet
- any software publisher planning to distribute applications via corporate intranets
One Code Signing Certificate for all Platforms
CERTASSURE code signing certificates give developers the flexibility to sign applications developed for all the major platforms. These include:
- Digitally sign Mozilla and legacy Netscape Object files.
- Digitally sign Adobe AIR applications.
- Digitally sign .jar files and Java applications for desktop and mobile devices. Recognized by the Java Runtime Environment (JRE).
- Digitally sign applications, plug-ins, and content for Mac OS desktops.
- Digitally sign Windows 32 and 64-bit content, including .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap files, ActiveX controls, and kernel software. Establish instant reputation with Microsoft SmartScreen by signing your applications with an EV code signing certificate.
- Digitally sign Windows 8 applications.
- Digitally sign macros and Visual Basic for Applications (VBA) content, including compatible Office applications.
- Digitally sign any Microsoft Silverlight application or XAF file.
Do I need to have a registered business to get a CERTASSURE code signing certificate?
Yes. CERTASSURE must prove that your business is a registered entity before issuing your code signing certificate.
Does CERTASSURE Inc. certify the content of my code?
No. We certify that the software really comes from the publisher who signed it. We also certify that the software has not been altered or corrupted since it was signed.
How does timestamping work?
When code is signed, the code is passed through a hashing algorithm and signed using your private key. This results in a digital signature. The signature is combined with a code-signing certificate to create a signature block. Tools like Authenticode let you timestamp the signature block based on the current date and time that an authority, such as CERTASSURE Inc., provides. Finally, you bind the timestamped signature block to the original software.
CERTASSURE code signing certificates are issued by Comodo CA Limited. As part of this process, you will need to know the URL of Comodo’s timestamping server, which you can find at https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server.
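The sketch below is an added example, not CERTASSURE or Authenticode code. It models why a timestamped signature stays trusted after the certificate expires: the verifier judges certificate validity at the timestamped signing time instead of at the current time. The names SignatureBlock, sign and evaluate are hypothetical, the dates are constructed, and the cryptographic signature and certificate chain checks are left out so that only the digest check and the validity-time decision are shown.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class SignatureBlock:
    """Simplified model: a real block also carries the signature and certificate chain."""
    digest: str                    # SHA-256 of the code at signing time
    not_before: datetime           # start of certificate validity
    not_after: datetime            # certificate expiry
    timestamp: Optional[datetime]  # signing time asserted by the timestamp authority

def sign(code: bytes, not_before: datetime, not_after: datetime,
         timestamp: Optional[datetime] = None) -> SignatureBlock:
    """Build the block; pass timestamp only if the signature was timestamped."""
    return SignatureBlock(hashlib.sha256(code).hexdigest(), not_before, not_after, timestamp)

def evaluate(code: bytes, block: SignatureBlock, now: datetime) -> str:
    """Return the trust decision a verifier would reach at time `now`."""
    # Integrity: any change to the code after signing changes its digest.
    if hashlib.sha256(code).hexdigest() != block.digest:
        return "rejected: code altered after signing"
    # With a timestamp, validity is judged at signing time; without one, at `now`.
    check_time = block.timestamp if block.timestamp is not None else now
    if block.not_before <= check_time <= block.not_after:
        return "trusted"
    if block.timestamp is None:
        return "rejected: certificate not valid now and signature not timestamped"
    return "rejected: timestamp outside certificate validity"

# Constructed sample values (assumptions for illustration only).
UTC = timezone.utc
ISSUED = datetime(2020, 1, 1, tzinfo=UTC)
EXPIRES = datetime(2021, 1, 1, tzinfo=UTC)
SIGNED_AT = datetime(2020, 6, 1, tzinfo=UTC)
AFTER_EXPIRY = datetime(2022, 6, 1, tzinfo=UTC)
CODE = b"installer bytes (constructed sample)"

if __name__ == "__main__":
    stamped = sign(CODE, ISSUED, EXPIRES, timestamp=SIGNED_AT)
    bare = sign(CODE, ISSUED, EXPIRES)
    print("timestamped, after expiry:", evaluate(CODE, stamped, AFTER_EXPIRY))
    print("no timestamp, after expiry:", evaluate(CODE, bare, AFTER_EXPIRY))
    print("tampered code:", evaluate(CODE + b"!", stamped, AFTER_EXPIRY))
```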
Which utility can you use to verify whether a file has been timestamped?
You can use the chktrust.exe utility included with the Authenticode SDK tools to verify whether a file has been timestamped. If it has, the date and time will display. If the file has not been timestamped, the utility will return the message, “Unknown date and time.”
Do CERTASSURE code signing certificates support kernel-mode code signing in Windows?
Yes. Our certificates support kernel-mode code signing on both 32 and 64-bit versions of Windows Vista and later and Windows Server 2008 and later.
Is there a limit to the number of applications that may be signed with a single code signing certificate?
No. You can sign as many applications with a code signing certificate as you wish, provided that the applications are going to be used for and distributed by the organization that owns the certificate.
What settings should be enabled in Internet Explorer to allow a user to receive the certificate pop-up?
In Internet Explorer, a security setting must be enabled for a certificate pop-up to display to the user when a file is downloaded. To access the setting, select Tools – Internet Options, click the Advanced tab, and scroll down the Settings list to the Security section. Then make sure that the option “Check for signatures on downloaded programs” is selected.
How do I ensure that both my customers and I have the latest Microsoft roots in our certificate stores?
For Windows XP through to the most recent Windows operating system, customers automatically have access to all the latest certificates. For older versions of Windows, it is highly recommended that you install the latest root update. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content.