Knowledge Base

Code Signing with the DigiCert® Certificate Utility for Windows

DigiCert does not recommend using the DigiCert Certificate Utility for Windows to create a code signing certificate CSR or to sign code files on currently supported versions of Windows. The DigiCert Certificate Utility for Windows signs files using a legacy SHA-1 hashing algorithm, and newer versions of Windows no longer trust files signed with SHA-1.

If you have not yet ordered your Code Signing Certificate, visit Code Signing Certificates.

After installing your DigiCert Code Signing Certificate on your DigiCert-provided hardware token, use the DigiCert Certificate Utility for Windows to: 

• Sign your code – How to Sign Your Code with the DigiCert Utility
• Check your file's code signing signature – How to Check Your File's Signature

If you have not yet installed your DigiCert Code Signing Certificate on your DigiCert-provided hardware token, please refer to https://knowledge.digicert.com/solution/set-up-your-digicert-provided-etoken

How to Sign Your Code with the DigiCert Utility

1. Plug the token containing your Code Signing certificate into the Windows machine where you’ll be signing your code.
2. On your Windows server or workstation, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
3. Run the DigiCert® Certificate Utility for Windows.
   Double-click DigiCert Util.
4. In the DigiCert Certificate Utility for Windows©, click Code Signing (blue and Silver shield), select the Code Signing Certificate that you want to use to sign your code, and click Sign Files.
   
   
   
   
5. In the Code Signing window, click Add Files, then browse for and select the file that you want to sign.
   
   
   
   
6. Next, check Add a timestamp to the signature if you want to timestamp your signature.
   1. To add your timestamp, you must be connected to the internet.
   2. Adding a timestamp allows your signature to remain valid after the Code Signing Certificate has expired, as long as the code remains unchanged.
7. Finally, click Sign.
8. When you receive the “All the files have been successfully signed” message, click OK.
   
   
   
   
9. Congratulations, you should now have a freshly signed piece of code, ready to use.

How to Check Your File's Signature

1. In the DigiCert Certificate Utility for Windows©, click Code Signing (blue and silver shield).
   
   
   
   
2. Next, click Check Signature to select and open the file whose signature you want to check.
3. In the Code Signed Signature Check window, you should see a green checkmark for “The file is signed and the signature was verified”.
   If you checked Add a timestamp to the signature, you should also see a green checkmark for “The signature was time stamped by DigiCert Inc on 'Date and Time'”.