CodeSigning SSL Certificates

• Compatible with major platforms
• Company identity in certificate
• Removes "unknown publisher"
• Security Warnings
• Company name, address, and type included in certificate
• Immediate reputation with Microsoft SmartScreen Filter

Extended Validation (EV) Code Signing Certificate Features
Information displayed in Certificate	Organization Name Organization address Type of Organization
Removes "unknown publisher" security warnings
Signature does not expire when Time Stamping is applied	Time stamping available & recommended
Sign an unlimited number of applications
Compatible with major platforms (Authenticode, Office VBA, Java, Adobe AIR. Mac OS, Mozilla)
Key storage options	By default, a cryptographic USB token is included with EV Code Signing Certificates. If you’d prefer, EV Code Signing Certificates can be stored on an HSM or Azure Key Vault (provided by customer). Please select the “HSM Implementation” option at checkout.
Immediate reputation with Microsoft SmartScreen

What are the Key Storage Options for Code Signing Certificates?

As a substantial increase in Software Supply Chain (SSC) attacks and use of open-source software is observed in recent years, GlobalSign understands heightened concerns around securing codes and code signing process at your company. Whether it’s a SSC attack or other, we can help you protecting your private keys against malicious party by executing compliance with industry standards which require the strongest key protection possible, i.e. FIPS 140 Level 2 or Common Criteria EAL 4+ compliant. Proper handling of private keys not only minimizes the risk of fraudulent access to the keys, but also allows for easier trace at the time of forensic investigation.

Storing the keys on secure cryptographic hardware, such as a USB token or Hardware Security Module compliant with the standards, significantly decreases the chance of key compromise compared to storing the keys locally or substandard equivalents for easier internal sharing. Therefore, now it’s a requirement for both standard Code Signing and Extended Validation Code Signing Certificates. Both GlobalSign standard Code Signing Certificates and GlobalSign EV Code Signing Certificates are automatically shipped with a standards-compliant cryptographic USB token, unless HSM implementation option is selected at checkout.

Why should you digitally sign your code?

Code Signing Certificates are used by developers on all platforms to digitally sign the applications and software they distribute over the Internet. Code Signing essentially provides the same assurance as a shrink wrapped CD – the signed code includes the name of the publisher and assurance that the code hasn't been tampered with since being published. Anyone downloading software off of the internet can make a decision whether or not to trust the software.

Why choose GlobalSign for Code Signing?

Unlimited Signing Capabilities

Sign as many applications as needed with no additional fees.

Sign Multiple Platforms

Digitally sign Authenticode, Office VBA, Adobe AIR, Mozilla, Mac OS with one certificate.

Industry-leading local language support

GlobalSign has offices worldwide offering local language customer support and account management.

Long Term Validity

Time stamping is included and recommended when the certificate expires, allowing for long term validity, meaning the signature on code does not expire what the certificate expires.

Prevent Security Warnings & Increase Downloads

Digitally signing code prevents users from abandoning the installation process by removing alarming security messages that accompany unsigned code.

Immediate Reputation with Microsoft SmartScreen

GlobalSign Extended Validation (EV) Code Signing Certificates establish immediate reputation with Microsoft’s SmartScreen Filter, removing scary warning messages.

Helpful Resources

• Compatible with major platforms
• Company identity in certificate
• Removes "unknown publisher"
• Security Warnings

Standard Code Signing Certificate Features
Information displayed in Certificate	Organization Name
Removes "unknown publisher" security warnings
Signature does not expire when Time Stamping is applied	Time stamping available & recommended
Sign an unlimited number of applications
Compatible with major platforms (Authenticode, Office VBA, Java, Adobe AIR. Mac OS, Mozilla)
Key storage options	You have a choice of storing keys on a token or HSM. Tokens are included in our package, HSM is not provided. Token options (choose “Token Implementation” at checkout) - Cryptographic USB token - Other hardware storage token - SD card or USB token HSM options (choose “HSM Implementation” at checkout) - HSM - Azure Key Vault
Immediate reputation with Microsoft SmartScreen	No

What are the Key Storage Options for Code Signing Certificates?

As a substantial increase in Software Supply Chain (SSC) attacks and use of open-source software is observed in recent years, GlobalSign understands heightened concerns around securing codes and code signing process at your company. Whether it’s a SSC attack or other, we can help you protecting your private keys against malicious party by executing compliance with industry standards which require the strongest key protection possible, i.e. FIPS 140 Level 2 or Common Criteria EAL 4+ compliant. Proper handling of private keys not only minimizes the risk of fraudulent access to the keys, but also allows for easier trace at the time of forensic investigation.

Storing the keys on secure cryptographic hardware, such as a USB token or Hardware Security Module compliant with the standards, significantly decreases the chance of key compromise compared to storing the keys locally or substandard equivalents for easier internal sharing. Therefore, now it’s a requirement for both standard Code Signing and Extended Validation Code Signing Certificates. Both GlobalSign standard Code Signing Certificates and GlobalSign EV Code Signing Certificates are automatically shipped with a standards-compliant cryptographic USB token, unless HSM implementation option is selected at checkout.

Why should you digitally sign your code?

Code Signing Certificates are used by developers on all platforms to digitally sign the applications and software they distribute over the Internet. Code Signing essentially provides the same assurance as a shrink wrapped CD – the signed code includes the name of the publisher and assurance that the code hasn't been tampered with since being published. Anyone downloading software off of the internet can make a decision whether or not to trust the software.

Why choose GlobalSign for Code Signing?

Unlimited Signing Capabilities

Sign as many applications as needed with no additional fees.

Sign Multiple Platforms

Digitally sign Authenticode, Office VBA, Adobe AIR, Mozilla, Mac OS with one certificate.

Industry-leading local language support

GlobalSign has offices worldwide offering local language customer support and account management.

Long Term Validity

Time stamping is included and recommended when the certificate expires, allowing for long term validity, meaning the signature on code does not expire what the certificate expires.

Prevent Security Warnings & Increase Downloads

Digitally signing code prevents users from abandoning the installation process by removing alarming security messages that accompany unsigned code.

Immediate Reputation with Microsoft SmartScreen

GlobalSign Extended Validation (EV) Code Signing Certificates establish immediate reputation with Microsoft’s SmartScreen Filter, removing scary warning messages.

Helpful Resources

• Encrypted Digital Signature
• Extended Validation Process
• Powered by Sectigo
• Validated Content Source
• CA/Browser Forum authentication standards
• Protects private key from theft via hardware token and PIN
• Supports all major 32-bit/64-bit formats
• Includes timestamp functionality
• Free 24/7/365 expert support in multiple languages

• Encrypted Digital Signature
• Extended Validation Process
• Powered by Sectigo
• Validated Content Source
• CA/Browser Forum authentication standards
• Protects private key from theft via hardware token and PIN
• Supports all major 32-bit/64-bit formats
• Includes timestamp functionality
• Free 24/7/365 expert support in multiple languages