Is a Code Signing certificate tied to my domain name?
No, a Code Signing certificate is tied to your Organization Name only. Our system requires the Common Name you are prompted to accept, but we will replace it in our system with the Organization Name you have entered in your CSR so that the correct details will be displayed when the signature on the code is viewed.
Is there a limit to the number of applications allowed to be signed with a Code Signing Certificate?
No, Digicert does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are used for and distributed by the organization that owns the certificate.
Are DigiCert Code Signing Certificates chained?
Yes, the Thawte Code Signing Certificates are chained. The Code Signing Certificates are signed by the Thawte Code Signing CA Intermediate Certificate, chained to the Thawte Primary Root CA certificate.
Developer Code-Signing Technology
Whenever an application attempts to access your system, it has the potential to do anything, be it expected, or unexpected. To safeguard users, any code seeking additional privileges must be signed. The certificate displayed, identifies the developer or organization deploying that code. The signature also prevents the code being 'tampered' with, and redeployed.
Getting a Developer Code-Signing Certificate
Your browser creates the required files during the enrollment process (except in the case of a JavaSoft Certificate). Our verification team then sets about verifying the details contained in the certificate request submitted to us once the enrolment has been completed. As soon as the details have been verified thoroughly, you are issued a DigiCert Code Signing certificate tied to your organization.
Digicert Developer Support
Digicert is a trusted certificate provider. We do not make or support any software. We are more than happy to help wherever certificates are used. However, in the case of software-specific issues, we may not always be able to help. The best people to contact will always be your software vendor.
How long can I use a Code Signing certificate?
Code Signing certificates are valid for 1 to 3 years, depending on which life cycle you choose while purchasing the certificate.
You should also timestamp your signed code to avoid your code expiring when your certificate expires.
Is timestamped code valid after a Code Signing Certificate expires?
Digicert timestamp services allow you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the system validates the timestamp. If you use the timestamping service when signing code, your code’s hash is sent to the timestamp server to record your timestamp. A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code signed with a Certificate that was valid at the time the code was signed but has subsequently expired.
Please specify the timestamp server URL you need when you sign your code. Digicert provides you with both SHA-1 and SHA-256 RFC 3161 timestamping URLs.
The timestamp server validates the date and the time that the file was signed. Therefore the certificate can expire, but the signature will be valid for as long as the file is in production. A new certificate is only necessary if you want to sign an additional code or re-sign code that has been modified.
If you do not use the timestamping option during the signing, you must re-sign your code and re-send it to your customers.
To verify if your file has been timestamped, you can use the verifying commands in our knowledge base articles. The date and time will be displayed when the file has been timestamped. No dates or a warning will appear when the file has NOT been timestamped.