Code Signing Certificates in United States

Online security vigilance is at an all-time high. Most Web users won’t download software unless you can prove it’s legitimate. Code signing certificates inspire confidence and give you the proof you need to validate your code.Software developers can use code signing certificates to provide extra assurance to their customers about who produced the content and that it’s not tampered with. Signed code also prevents unidentified third parties from altering the code before it’s distributed.Content publishers can digitally sign software components, macros, firmware images, virus updates, configuration files or other types of content for secure delivery over the Internet or other mechanisms.

Code signing is particularly important when the source of a given piece of code might not be obvious – for example Active X controls, Java applets, and other active Web scripting codes.Most Web users understand the potential risks involved with downloading content from the Internet. It’s important your end users can trust the code you publish on the Internet. Code signing certificates help confirm software security and assurance with your customers.

Newer operating systems and Internet browsers are often set to higher online security levels, which often require signed content. For example, Internet Explorer® uses Authenticode® technology to identify the publisher of signed software and verify that it hasn’t been tampered with.When a code signed file is downloaded from a website, the certificate is extracted from the file. The browser cross-checks this information with an internal list of certificate authorities, and then verifies the signature in the certificate.If the signed software is tampered with in any way, the digital signature breaks and alerts customers that the code has been altered and is not trustworthy.

When someone attempts to download or run unsigned code, their browser attempts to validate the security of the downloaded content. A security warning pops up or the Web page content fails to load, depending on the browser security settings. These warnings create suspicion and confusion for the user.Digitally signing code prevents unnecessary warning dialogues when end users attempt to run the signed application or executable file.

After you purchase a code signing certificate, you need to provide a certificate signing request (CSR) from the computer that is signing the code. Depending on the use of the certificate, you can create the CSR automatically, or you can use a tool like OpenSSL to generate the CSR.After you submit your request, we verify the company information you supplied. The Registration Authority (RA) might contact you to provide additional information, if required. You can monitor the validation process through your account.Once the code signing certificate is issued, we’ll send you an email with a link to download and install the certificate file and any associated intermediate certificates.You can even time-stamp your signature block using Authenticode to show the validity of your certificate at the time the code was signed.