Knowledge Base

Which type of Code Signing certificate should I request?

View the different Code Signing certificate types.

Is a Code Signing certificate tied to my domain name?

No, a Code Signing certificate is tied to your Organization Name only. The Common Name you are prompted for is required by our system for the request to be accepted, but we will replace it in our system with the Organization Name you have entered in your CSR so that the correct details will be displayed when the signature on the code is viewed.

How long can I use a Code Signing certificate for?

Code Signing certificates are valid for 1 to 3 years depending on which life cycle you choose when you purchase the certificate. See: pricing information. You should also timestamp your signed code to avoid your code expiring when your certificate expires.

Is timestamped code valid after a Code Signing Certificate expires?

DigiCert timestamp services allow you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the system validates the timestamp. If you use the timestamping service when signing code, a hash of your code is sent to the timestamp server to record a timestamp for your code. A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code that was signed with a Certificate that was valid at the time the code was signed but which has subsequently expired.

Please specify the timestamp server url you need when you sign your code. DigiCert provides you with both a SHA-1 and SHA-256 RFC 3161 timestamping URLs.

The timestamp server validates the date and the time that the file was signed therefore the certificate can expire but the signature will be valid for as long as the file is in production. A new certificate is only necessary if you want to sign additional code or re-sign code that has been modified.

If you do not use the timestamping option during the signing, you must re-sign your code and re-send it out to your customers.

To verify if your file has been timestamped, you can use the verifying commands provided in our knowledge base articles. The date and time will be displayed when the file has been timestamped. No dates or a warning will appear when the file has NOT been timestamped.

See: Instructions to sign and timestamp your code.

How can I timestamp VBA projects?

See: Instructions for timestamping VBA code.

Is there a limit to the number of applications that can be signed with a Code Signing Certificate?

No, DigiCert does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are used for and distributed by the organization that owns the certificate.

Which browsers are supported by DigiCert Code Signing Certificates?

See: Enrollment requirements.

Are DigiCert Code Signing Certificates chained? 

Yes, the Thawte Code Signing Certificates are chained. The Code Signing Certificates are signed by the Thawte Code Signing CA Intermediate Certificate which is chained to the Thawte Primary Root CA certificate.

Developer Code-Signing Technology

Whenever an application attempts to access your system, it has the potential to do anything, be it expected, or unexpected. To safeguard users, any code seeking additional privileges must be signed. The certificate displayed, identifies the developer or organization deploying that code. The signature also prevents the code being 'tampered' with, and redeployed.

Getting a Developer Code-Signing Certificate

The required files are created by your browser during the enrollment process (except in the case of a JavaSoft Certificate) and our verification team then sets about verifying the details contained in the certificate request submitted to us once the enrolment has been completed. As soon as the details have been verified completely you are issued with a DigiCert Code Signing certificate which is tied to your Organization.

DigiCert Developer Support

DigiCert is a trusted certificate provider. We do not make or support any software. We are more than happy to help wherever certificates are used, however, in the case of software specific issues, we may not always be able to help. The best people to contact will always be your software vendor.