Code signing is the process of using X.509 certificates to digitally sign software for safe distribution, hassle-free installation, and compliance with OS security policies. By signing their apps and drivers with a certificate issued by a reputable, publicly trusted certificate authority (CA) like SSL.com, developers and software vendors assure users that their software has been issued by a known and trusted developer, has not been tampered with, and is safe to install.
Code signing is especially useful for software distributed via the Internet, where there are ample opportunities for malicious third parties to alter applications, introduce malware or viruses, and/or impersonate legitimate software suppliers. By digitally signing code, software vendors also prevent users from having to click through OS warning messages or change default security settings when installing software:
Standard code signing certificates from SSL.com include validation of the identity of a business or other organization (known as organization validation, or OV), or an individual person (individual validation, or IV), and offer affordable protection for software applications distributed by individuals or organizations.
Extended validation (EV) code signing certificates are more expensive and only available to registered organizations, but provide a number of additional benefits over standard OV/IV code signing certificates:
• An EV code signing certificate is required to sign Windows 10 drivers (both kernel-mode and user-mode).
• EV code signing certificates provide instant Windows SmartScreen reputation for signed applications, so users will not have to click through “unrecognized app” warnings—which can appear even with standard OV/IV code signatures:
Unlike OV/IV certificates, EV code signing certificates require FIPS 140-2 Level 2 certified key storage and two-factor authentication. For these reasons SSL.com offers EV code signing certificates through its eSigner cloud signing service, on YubiKey FIPS USB tokens, and for installation on selected hardware security modules (HSMs) and cloud HSM services.
For more information on the different types of code signing certificates, please read Which Code Signing Certificate do I Need? EV or OV?
Please refer to the following how-tos for information on ordering, installing, and getting started with code signing and EV code signing certificates from SSL.com:
• Ordering and Retrieving Code Signing Certificates
• How to Install OV Code Signing Certificates
• Using Your Code Signing Certificate
• Getting Started with Your EV Code Signing Certificate
Currently, any SSL.com EV code signing certificate may be enrolled in eSigner, SSL.com’s cloud code and document signing service. Standard OV/IV code signing certificates are not available for eSigner enrollment, but will be in the near future.