Using the DigiCert Certificate Utility to Sign Your Code

Microsoft is changing the process for signing your kernel-mode driver packages
Starting in 2021, Microsoft will be the sole provider of production kernel-mode code signatures. You will need to start following Microsoft’s updated instructions to sign any new kernel-mode driver packages going forward. To lean more, see our knowledge base article—Microsoft sunsetting support for cross-signed root certificates with kernel-mode signing capabilities.

If you have not yet ordered your Code Signing Certificate, visit Code Signing Certificates.

After installing your DigiCert Code Signing Certificate on your Windows server or workstation, use the DigiCert® Certificate Utility for Windows to:

 

How to Sign Your Code with the DigiCert Utility

  1. If you are using an EV Code Signing Certificate, plug in your token/device now.

  2. On your Windows server or workstation, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  3. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  4. In the DigiCert Certificate Utility for Windows©, click Code Signing (blue and silver shield), select the Code Signing Certificate that you want to use to sign your code, and then, click Sign Files.

    If you do not see your EV Code Signing Certificate, plug in your token now.

  5. In the Code Signing window, click Add Files, then browse for and select the file that you want to sign.

  6. Next, check Add a timestamp to the signature if you want to time stamp your signature.

    • To add a timestamp, you must be connected to the Internet.

    • Adding a timestamp allows your signature to remain valid after the Code Signing Certificate has expired, as long has the code remains unchanged.

  7. Finally, click Sign.

  8. When you receive the “All the files have been successfully signed” message, click OK.

  9. Congratulations, you should now have a freshly signed piece of code, ready to use!
 

How to Check Your File's Signature

  1. In the DigiCert Certificate Utility for Windows©, click Code Signing (blue and silver shield).

  2. Next, click Check Signature to select and open the file whose signature you want to check.

  3. In the Code Signed Signature Check window, you should see a green checkmark for “The file is signed and the signature was verified”.

    If you checked Add a timestamp to the signature, you should also see a green checkmark for “The signature was time stamped by DigiCert Inc on 'Date and Time'”.

Get code signing certificates for just $474/year

Buy Now

Code Signing Support

SSL Certificates