Learn how to generate and install a standard Code Signing certificate

Note: On June 15, 2022, DigiCert will end support for code signing certificate, key generation in Internet Explorer (IE) 11 and IE mode on Microsoft Edge. To continue to use browser-based key generation, use our new key generation service—supported by all major browsers.

Before you begin

Your browser determines what you must do to generate your code signing certificate:

  • Windows and macOS: Microsoft Edge, Safari, Google Chrome, and Firefox
  • Windows only: Internet Explorer and Microsoft Edge (IE mode)

Microsoft Edge IE-mode

By default, Microsoft Edge does not support key generation. However, you can enable IE mode for Edge. IE mode allows you to generate the keys for your code signing certificate in Microsoft Edge. For more information on enabling IE mode for Edge, see Microsoft's article, What is Internet Explorer (IE) mode.

Sun Java

Is your code signing certificate for the Sun Java Platform? Then see our Java Code Signing Certificate Set Up and Usage Guide.

Generate and install your certificate: Microsoft Edge, Safari, Google Chrome, and Firefox

Use DigiCert's new KeyGen tool to perform browser-based certificate key generation. KeyGen generates a keypair and then uses the public key to create a certificate signing request (CSR). KeyGen sends the CSR to DigiCert, and we send the certificate back. Then KeyGen downloads a PKCS12 (.p12) file that contains the certificate and the private key. The password you create during the certificate generation process below protects the PKCS12 file.

  1. Open a browser that supports DigiCert KeyGen client certificate generation:

    • Windows: Microsoft Edge, Google Chrome, or Firefox
    • macOS: Safari, Google Chrome, Firefox, or Microsoft Edge
  2. Follow the link in the DigiCert Code Signing certificate email.

    After DigiCert validates the information in your order, we send an email with a link to create and install your code signing certificate.

    Email subject lines:

    • Create Your DigiCert Code Signing Certificate (Order #)

    • Reissue Your DigiCert Code Signing Certificate (Order #)

    Note: From the date DigiCert sent the email, you have thirty days to create your code signing certificate. After thirty days, the link in the email expires. To get a new link, you must reissue/rekey your code signing certificate so that we can reapprove your code signing certificate order. See Reissue or Re-Key Your Code Signing Certificate.

  3. On the Generate your DigiCert Code Signing Certificate page, verify the information is correct.

  4. Create and confirm your certificate password.

    You will use this password each time you install your certificate. If you forget your password, you won't be able to install the certificate. So, make sure to store it safely, such as in a password manager.

    Important: If you lose your password, you will need to reissue your certificate.

  5. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement.

  6. 6. When ready, select Generate Certificate.

  7. Verify your .p12 certificate file was successfully generated and downloaded.

  8. Use your password to open the .p12 file and install your code signing certificate in your personal certificate store.

Generate and install your certificate: Internet Explorer (IE) or Microsoft Edge – IE mode

Use IE or Microsoft Edge – IE mode for browser-based certificate key generation. The browser creates a private key and CSR. The browser stores the private key in the backend of your browser. Then the browser sends the CSR to DigiCert, and we send files back to the browser for installation. The browser installs the certificate files in the browser's personal certificate store.

  1. Open a browser that supports DigiCert code signing certificate generation: • Windows: IE 11 or Microsoft Edge – IE mode

    • Windows: IE 11 or Microsoft Edge – IE mode
  2. Follow the link in the DigiCert Code Signing certificate email.

    After DigiCert validates the information in your order, we send an email with a link to create and install your code signing certificate.

    Email subject lines:

    • Create Your DigiCert Code Signing Certificate (Order #)

    • Reissue Your DigiCert Code Signing Certificate (Order #)

    Note: From the date DigiCert sent the email, you have thirty days to create your code signing certificate. After thirty days, the link in the email expires. To get a new link, you must reissue/rekey your code signing certificate so that we can reapprove your code signing certificate order. See Reissue or Re-Key Your Code Signing Certificate.

  3. On the Generate your DigiCert Code Signing Certificate page, verify the information is correct.

  4. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement

  5. When ready, select Generate Certificate.

  6. The browser installs the certificate files in the browser’s personal certificate store.

    Internet Explorer and Microsoft Edge install your code signing certificate in the Personal Certificate Store of your Computer Account in the MMC. See (Windows) Verifying Your Code Signing Certificate Installation.

What's next

You are ready to sign your code. See our Code Signing Support & Tutorial pageto learn more about signing code.

You can export your code signing certificate as a .pfx file for Windows and a .p12 file for Mac and Firefox.


Get code signing certificates for just $474/year

Buy Now