Code Signing Certificates

Increase download rates by eliminating security warnings

Buy Now

What is a Code Signing Certificate?

A code signing certificate is a digital certificate containing information that fully identifies an entity and is issued by a Certificate Authority like GlobalSign. The Digital Certificate binds the identity of an organization to a public key that is mathematically related to a private key pair. The use of private and public key systems is called Public Key Infrastructure (PKI). The developer signs code with its private key and the end user uses the developer’s public key to verify the developers identity. Learn about why you should use signed vs. unsigned code.

GlobalSign allows you to install Standard and EV code signing certificates on physical HSMs or cloud based HSM services such as: Azure Key-Vault, AWS CloudHSM, Google KMS, HashiCorp Vault, etc to name a few.

Note:- CAB Forum new guidelines says that from June 2023, Private keys for Code Signing Certificates need to be stored in HSMs compliant with FIPS 140 Level 2 or 3.
Contact us for more information about these deployment options.

Note: USB token not included in HSM or Key Vault deployments.

Multiple Platform Support

GlobalSign's Code Signing Certificates support multiple platforms using the same certificate.

You can sign Windows Builds, Container Images, Kernel Drivers, Jar Files and a variety of other use cases with GlobalSign’s Code Signing Certificates.


Code Signing For Software Vendors and Organizations

Our Code Signing Certificates are used by developers on all platforms to digitally sign the applications and software they distribute over the internet. Code signing essentially provides the same assurance as a shrink wrapped CD as the signed code includes the name of the publisher and assurance that the code hasn't been tampered with since being published. Anyone downloading software off of the internet can make a decision whether or not to trust the software.

Code signing certificates use a unique cryptographic hash to bind the identity of the publisher to the software. Security warnings that appear with unsigned code are replaced with notifications containing the software publisher's information, preventing users from abandoning the install and increasing download rates. Signing code adds an essential layer of trust to the installation process.

Code signing proves the signed software is legitimate, comes from a known software vendor, and that the code has not been tampered with since being published. Code signing prevents users abandoning the installation of an application due to security warning messages, malicious alternation of legitimate code, and identity theft of vendor author.


Standard vs. EV Code Signing Certificates

EV code signing certificates build on the existing benefits of standard code signing certificates to offer stronger levels of assurance that the identity of the publisher is correct and has been verified.

  • Strict vetting process assures end users that the identity of the publisher has been verified
  • EV Code Signing Certificates are required to access the Windows Hardware Developer Center Dashboard Portal through which all kernel-mode drivers targeting Windows 10 (Build 1607 and later) must be signed