Now that you’ve received a new Yubikey Token or Thales SafeNet (Gemalto) token containing your Code Signing certificate, you may be wondering just what to do next. This FAQ answers common questions you may have about how to get started with your new certificate and USB token.
SSL.com’s EV Code Signing certificates offer Windows 10 kernel-mode code signing and an instant SmartScreen reputation boost, all for as low as $240.00 per year. They are delivered on secure YubiKey FIPS USB tokens with two-factor authentication.
To sign files with your Code Signing certificate, simply plug the token into your computer and refer to this SSL.com article: Using Your Code Signing Certificate. Instructions will vary depending on the token or tool that you have.
- For instructions on using Microsoft SignTool with your Yubikey token, please refer to the section titled: Signing an Executable with Yubikey.
- For instructions on using Microsoft SignTool with your Thales SafeNet (Gemalto) token, please refer to the section titled: Code Signing with a Thales SafeNet (Gemalto) USB token
- For instructions on using Microsoft SignTool and SSL Manager with your Code Signing certificate, please refer to the section titled, Signing an Executable with SSL Manager.
- For instructions on using your code signing certificate with Java, please refer to our Java Code Signing Guide.
Signing kernel-mode and user-mode drivers in Windows 10 requires registration with the Windows Hardware Dev Center program. After you sign your driver with your certificate, it must be submitted to the Hardware Dev Center for signing by Microsoft. For complete information, please refer to Microsoft’s documentation:
• Kernel-Mode Code Signing Requirements
• Get started with the hardware dashboard program
• Register for the Hardware Program
Yes! The 3.0 release of SSL.com’s SSL Manager lets Windows users securely generate key pairs, order Code Signing and S/MIME certificates, and install certificates directly on their YubiKey from the application.
You can also generate key pairs and manage certificates on your YubiKey with Windows, macOS, and Linux computers via Yubico’s YubiKey Manager application. For more information, please read Key Generation and Attestation with Yubikey.
Code Signing certificate users can also use their certificate for hardware-free volume signing, team sharing, and CI/CD automation using the eSigner cloud signing platform. After ordering your Code Signing certificate, you can navigate to the user portal and begin the process there. Get more details on the process in this helpful guide.