A Detailed Guide on How to Get a Code Signing Certificate

[Screenshot: Get Code Signing Certificate process]

If you are here, you might already know the significance of using a reliable and trustworthy Code Signing Certificate.

Moreover, given today's security risks, this certificate has become essential, because it gives your end-users a basis for authenticity and trust: they can be assured that the software came from a trusted source and has not been modified since it was built.

Having said all of that, to get a code signing certificate issued, you must follow a particular series of steps. If you are unaware of the steps to take or are facing any difficulty while completing the process, don't worry; you are in the right place.

According to the industry standard, code signing certificates are required to store their private keys on hardware that meets specific certifications. The hardware must be certified to FIPS 140 Level 2, Common Criteria EAL 4+, or an equivalent standard.

Specifically, this requirement applies to OV (Organization Validation) Code Signing Certificates. From June 1st, 2023, OV Code Signing must comply with the mandate of storing private keys in a Hardware Security Module (HSM), and that HSM must meet the criteria mentioned above.

This change aims to enhance the security and integrity of code signing certificates by ensuring that private keys are stored in hardware that meets rigorous industry standards.

This requirement makes it far more difficult for unauthorized individuals or malicious actors to obtain a private key, and therefore harder for them to compromise the trustworthiness of code-signing operations.

Order Process of your Code Signing Certificate:

The process for ordering an IV/OV/EV Code Signing Certificate involves the following steps:

Step 1: Choose the appropriate certificate type based on your requirements, such as IV, OV, or EV.

Step 2: When purchasing a code signing certificate from SignMyCode, you can select the validity period (1, 2, or 3 years) and the delivery method according to your convenience.

[Screenshot: Select Years]

Note: You will save more than 50% if you buy a 3-year code signing cert from us compared to other resellers' or vendors' websites.

Choose Flexible Delivery Modes:

  • Use Existing Token: This option has no additional cost.
  • Token & US Shipping: It includes a fee of $89.99 for shipping within the United States.
  • Token & International Shipping: This option includes a fee of $129.99 for international shipping.
  • Token & Expedited US Shipping: This option includes a fee of $139.99 for expedited shipping within the United States.


Step 3: Add the selected certificate to your cart and proceed to checkout.

[Screenshot: Secure Checkout Process]

Step 4: Fill in the requested details on the checkout page, providing accurate information.

[Screenshot: Fill Payment Details]

Step 5: Select the payment method, either PayPal or Card, to complete the payment process.

[Screenshot: Confirmation Page]

Step 6: Review and confirm the details on the confirmation page, including the certificate type, delivery mode, and payment information.

[Screenshot: Thank You Page]

Step 7: Once the order is successfully placed, you will receive an enrollment email, or you can proceed directly from your dashboard.

Quick Enrollment Process using Multiple Options:

Enrollment Using an Existing Token Method:

Step 1: Generate a Certificate Signing Request (CSR) and add it to the enrollment form.

[Screenshot: Insert CSR Using Existing Token Mode]
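Step 1 asks for a CSR but does not show what one looks like or how to sanity-check it before pasting it into the form. The following script is an added example, not code from SignMyCode or the original post: it builds a CSR whose subject carries the organization details the enrollment form asks for, then verifies the CSR's self-signature and checks the key size and subject. The company name, address and file names are constructed sample values. Note the assumption stated in the comments: the script generates a software key purely so it can run anywhere; for an OV/EV certificate the private key must be generated on the FIPS 140 Level 2 / EAL 4+ token or HSM using the token vendor's tooling and must never leave it, so in practice only the CSR, not the key, is produced outside the device.

```shell
#!/bin/sh
# Added example (not from the original post): create a code signing CSR
# with the organization details from the enrollment form, then check it
# before submitting it.
#
# ASSUMPTION: the key below is a software key generated only so this script
# runs on any machine. For OV/EV code signing the key must be generated on
# the certified token/HSM and never exported; use the vendor tooling for
# that and only take the resulting CSR from this workflow.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY_FILE="$WORKDIR/codesign.key"
CSR_FILE="$WORKDIR/codesign.csr"

# Generate a 3072-bit RSA key and a CSR in one step. The subject fields
# mirror the Organization Name / Country / State / City entries of the
# form; all values here are constructed samples.
make_csr() {
  openssl req -new -newkey rsa:3072 -nodes \
    -keyout "$KEY_FILE" \
    -out "$CSR_FILE" \
    -subj "/C=US/ST=California/L=San Jose/O=Example Software Inc/CN=Example Software Inc" \
    2>/dev/null
  echo "$CSR_FILE"
}

# Returns 0 when the CSR's self-signature verifies. A failing signature
# means the CSR was altered (e.g. by copy/paste damage) or does not match
# the key that will be certified.
verify_csr() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# Prints the subject so it can be compared, field by field, with what was
# typed into the enrollment form; mismatches delay CA validation.
csr_subject() {
  openssl req -in "$1" -noout -subject
}

# Prints the RSA modulus size in bits. The CA/Browser Forum code signing
# requirements set 3072 bits as the minimum for RSA subscriber keys, so
# anything smaller will be rejected at enrollment.
csr_key_bits() {
  openssl req -in "$1" -noout -text \
    | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Stand-alone run: build, verify and inspect the CSR.
CSR=$(make_csr)
if verify_csr "$CSR"; then
  echo "CSR signature OK: $CSR"
else
  echo "CSR signature FAILED: $CSR" >&2
  exit 1
fi
csr_subject "$CSR"
echo "key size: $(csr_key_bits "$CSR") bits"
```

Paste the contents of the generated .csr file (the block between the BEGIN/END CERTIFICATE REQUEST lines) into the enrollment form; the .key file stays with you and is never uploaded.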

Step 2: Fill in the required organization details: Organization Name, DUNS Number, Address, Address 2, Country, State, City, and ZIP/Postal Code.

[Screenshot: Organization Details in the enrollment form]

Step 3: Provide your organization's contact details: Title, First Name, Last Name, Email, and Phone.

[Screenshot: Organization contact details in the order process]

Step 4: Select the Hardware Security Module (HSM) type, such as Luna or YubiKey, and provide the Key Attestation.

[Screenshot: Select HSM Type]

Then, enter the key attestation in the boxes provided. If you need help producing it, follow the Key Generation and Attestation guide.

Step 5: If you have any specific notes for the Certificate Authority (CA), enter them in the 'Note' field; otherwise leave it blank and submit the form.

[Screenshot: Optional Note section]

QUICK MEMO: This process applies to the Existing Token delivery method.

After successful enrollment, the CA verification process begins. Once validation completes successfully, your certificate is issued to your token and you can start signing your code.

Enrollment Using a Token + Shipping Method:

If you placed an order with the Token + Shipping option, you do not need to generate a CSR; the CA handles this step for you.

Step 1: First, enter your organization's details, which include the following:

  • Organization Name
  • DUNS Number
  • Address
  • Address 2
  • Country
  • State
  • City
  • ZIP/Postal Code

[Screenshot: Organization details in the order process]

Step 2: The second section asks for your organization's contact information, which consists of the following fields:

  • Title
  • First Name
  • Last Name
  • Email
  • Phone

Step 3: Tick the check-box for "I Agree to the Certificate Services Agreement".

[Screenshot: Agree to Terms and Conditions]

Overall, you only need to provide accurate organization details as requested and submit them to the CA for verification.

Now, let us talk briefly about the two different types of code signing certificates:

What Are The Two Types of Code Signing Certificates?

For public trust usage, primarily, there are two types of Code Signing Certificates. They are:

1. EV Code Signing Certificate

An EV Code Signing Certificate is a security certificate used to protect users against phishing software and malicious downloads. It is therefore considered ideal for software packages, device drivers, applications, and executable files.

Because the Certificate Authorities subject applicants to a series of rigorous vetting procedures and require the publisher to comply with all the hardware security requirements, these certificates are suited to a higher level of security.

In addition, the strict vetting process ensures that the code publisher seeking the certificate is a legitimate and operational entity. To receive the certificate, the entity must have its registration information on record.

If one has to highlight one aspect of the certificate, it would be the physical delivery of the private key, on a hardware token, to the entity that requested the certificate. This rules out unnecessary access by third parties or attackers. Upon receiving it, the publisher can keep the token in a safe location and prevent any kind of unauthorized access.

Extended Validation code signing has two distinct characteristics that make it reputable with the Microsoft SmartScreen filter, which then approves the software without any warning.

They are:

  • Rigorous vetting process
  • Private key storage in a hardware token

2. Standard or Organization Validation Code Signing Certificate

For a standard or Organization Validation Code Signing Certificate, the vetting process is not as stringent as for the EV code signing certificate. Instead, it uses the traditional vetting process to verify a code publisher, individual, or entity.

Although this certificate has had some security weaknesses, its vetting process is continually being tightened to make it more secure than earlier versions. For private key storage, from 1st June 2023, OV code signing certs also require a hardware token for the private key.

They can be:

  • Hardware security modules (HSMs), either cloud or physical appliances
  • Physical security tokens such as USB hardware devices
  • Key storage and signing services

There you have it: the two types of Code Signing Certificate. Now that you know about both, you can choose the one that best suits your requirements and budget.

To give you better clarity about the two types, we have made a table for you. Refer to it below:

Vetting Process
  EV Code Signing Certificate: The entities have to go through an elaborate and rigorous authentication process to validate themselves before the CAs. Here, they have to adhere to the guidelines laid down by the CAs.
  OV Code Signing Certificate: The vetting process is quite simple, and the entities need not undergo an elaborate process to authenticate their credentials.

Ideal For
  EV Code Signing Certificate: Enterprises and organizations
  OV Code Signing Certificate: Individual developers or organizations

Microsoft SmartScreen Filter
  EV Code Signing Certificate: Microsoft SmartScreen recognition is a trust indicator for software. When the developers sign the code, it automatically gets Microsoft SmartScreen recognition.
  OV Code Signing Certificate: SmartScreen recognition is earned organically with these certificates. The reputation is built as more and more users download the software.

Pricing
  EV Code Signing Certificate: A bit on the expensive side, as it offers better security features.
  OV Code Signing Certificate: Cheaper than the EV Code Signing Certificate.

With a Code Signing Certificate, you too can bolster user trust and improve your software's adoption and security.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.