A code signing certificate is a digital certificate used to sign software, scripts, or executables.
These certificates are commonly used in software distribution to provide trust and assurance to users, confirming that the software they are downloading or installing is legitimate and has not been modified by malicious actors.
Organization Validation (OV)
Provides verification of the publishers identity ensuring the software comes from a legitimate source, protecting against unauthorized code distribution.
Displays publishers name in the operating system providing reassurance of the software's code.
Supports timestamping which ensures long-term validation of your code and maintains trust in the software overtime.
Extended Validation (EV)
Offer the highest level of security and undergoes a rigorous validation process, ensuring the highest level of trust.
Displays the software publisher name and other visual indicators during the installation process, reducing installation warnings or security prompts.
Supports timestamping which ensures long-term validation of your code and maintains trust in the software overtime.
Optimize Your Security with GlobalSign: Top Code Signing Applications
-
Code Signing Certificates to secure your executable files
Secure your executables to prevent unauthorized modifications and ensure the integrity of your software. Choose between Standard and Extended Validation (EV) certificates to meet your security needs and protect your software applications and DevOps pipelines.
-
Signing container images using GlobalSign Certificates and Azure Key Vault
Sign and verify container images using a Code Signing Certificate issued by GlobalSign via Azure Key Vault. This helps identify, authorize, and validate the identity of both the publisher of the container image and the container image itself.
-
Code Signing Certificates issued using Azure Key-Vault and Azure Signtool
Code Signing certificates ensure the security, integrity, and trustworthiness of software deployed and managed in Microsoft Azure environments. They help protect against unauthorized code modification, mitigate security risks, and build trust with users and customers.
-
Code Signing Certificates issued using AWS CloudHSM
Code Signing certificates can be used to securely sign Windows drivers and builds, leveraging dedicated HSMs for key management and cryptographic operations, thereby enhancing their trustworthiness and ensuring security.
Digitally Sign Across Multiple Platforms with One Certificate
You can sign Windows Builds, Container Images, Kernel Drivers, Jar Files and a variety of other use cases with GlobalSign’s Code Signing Certificates.
Compliance Requirements for Code Signing Certificates
GlobalSign understands heightened concerns around securing codes and code signing processes at your company. Our key storage options include Token or HSM implementation (HSM's are not provided):
- Compliance with industry standards which require the strongest key protection possible, i.e. FIPS 140 Level 2 or Common Criteria EAL 4+ compliant.
- GlobalSign Code Signing Certificates are automatically shipped with a standards-compliant cryptographic USB token (HSM implementation option is available if selected at checkout).
- Azure Key Vault HSM compatibility.
