What is code signing?
Code signing appends a digital signature to code that validates the content has not been altered since it was signed and distributed. Code signing works for software components, macros, firmware images, configuration files, and other types of content.
Browsers and operating systems are continually improving security measures, and many currently scan downloaded files to check for digital signatures.
Browsers and operating systems are continually improving security measures, and many currently scan downloaded files to check for digital signatures.
Who needs a code signing certificate?
A code signing certificate is strongly recommended for any publisher intending to distribute code or other content over the Internet or over corporate networks. Use of code signing certificates may help enhance a publisher's reputation.
How long can I use my code signing certificate?
Code signing certificates are valid for one, two, or three years depending on which duration was specified when the certificate was purchased.
Do you certify the content of my code?
No. Code signing certificates are only used to verify the publisher who signed the content and that the content has not been altered or corrupted.
Why should I time stamp the code when I sign it?
Time stamping ensures that signed code will not expire when the code signing certificate expires. Signed code which has been time stamped is valid, even after the code signing certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code whenever the code signing certificate changes due to re-keying or renewal.
Which utility is used to verify whether the file has been time stamped?
Is there a limit to the amount of time stamp requests allowed for a Code Signing Certificate?
No. Unlike some of our competitors, we do not limit the number of time stamp requests which can be issued by a single code signing certificate.
Is there a limit to the number of applications allowed to be signed with a code signing certificate?
No. You are not limited to any specific number. You can sign as many applications or other content with a code signing certificate as you wish, provided that the applications are going to be used for and distributed by the organization that owns the certificate.
Can I request a code signing certificate as an individual?
No. Only businesses whose identity can be verified via various state or federal governmental agencies can be issued a code signing certificate.
Can I sign Windows Vista 64-bit device drivers with a code signing certificate?
No. Windows Vista device driver signing requires special code signing certificates which we do not currently offer.
Can I sign Macintosh OS X 10.5 and later code with a code signing certificate?
Yes. Complete documentation will be added to our website at later time.
What settings should be enabled in Internet Explorer to allow a user to receive the certificate pop-up on downloaded content?
In order to receive the certificate pop-up when the file is downloaded, you will need to enable the feature.
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store?
For Windows XP, everything is automatic. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here.
A code signing certificate is strongly recommended for any publisher intending to distribute code or other content over the Internet or over corporate networks. Use of code signing certificates may help enhance a publisher's reputation.
How long can I use my code signing certificate?
Code signing certificates are valid for one, two, or three years depending on which duration was specified when the certificate was purchased.
Do you certify the content of my code?
No. Code signing certificates are only used to verify the publisher who signed the content and that the content has not been altered or corrupted.
Why should I time stamp the code when I sign it?
Time stamping ensures that signed code will not expire when the code signing certificate expires. Signed code which has been time stamped is valid, even after the code signing certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code whenever the code signing certificate changes due to re-keying or renewal.
Which utility is used to verify whether the file has been time stamped?
- Windows - Use the SignTool.exe utility included with the Windows SDK to verify the presence of a time stamp in code which has been signed. http://msdn.microsoft.com/en-us/library/aa387764(VS.85).aspx
- Java - Use JarSigner.exe included as part of the JDK which is available here.
Is there a limit to the amount of time stamp requests allowed for a Code Signing Certificate?
No. Unlike some of our competitors, we do not limit the number of time stamp requests which can be issued by a single code signing certificate.
Is there a limit to the number of applications allowed to be signed with a code signing certificate?
No. You are not limited to any specific number. You can sign as many applications or other content with a code signing certificate as you wish, provided that the applications are going to be used for and distributed by the organization that owns the certificate.
Can I request a code signing certificate as an individual?
No. Only businesses whose identity can be verified via various state or federal governmental agencies can be issued a code signing certificate.
Can I sign Windows Vista 64-bit device drivers with a code signing certificate?
No. Windows Vista device driver signing requires special code signing certificates which we do not currently offer.
Can I sign Macintosh OS X 10.5 and later code with a code signing certificate?
Yes. Complete documentation will be added to our website at later time.
What settings should be enabled in Internet Explorer to allow a user to receive the certificate pop-up on downloaded content?
In order to receive the certificate pop-up when the file is downloaded, you will need to enable the feature.
- Enable Check for Signatures
- Open the Tools menu in Internet Explorer and click Internet Options. Click the Advanced tab.
- Scroll to the bottom and verify that the option Check for signatures on downloaded programs is checked in the Security section.
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store?
For Windows XP, everything is automatic. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here.