DigiCert Code Signing Certificates

Code signing allows you to confirm digital binaries haven’t been altered by attaching a digital certificate to the code. This certificate uses Public Key Infrastructure (PKI) to attest to the integrity of the code or software, and it attaches a cryptographically unique user and timestamp, so you know who signed the code and when.

You can sign all types and forms of digital binaries, including firmware, drivers, applications, containers, mobile apps, and even source code artifacts.

Effective June 1, 2023, code signing certificate key pairs may only be issued and stored in a Hardware Security Module (HSM) that meets or exceeds FIPS 140-2 Level 2 or Common Criteria EAL 4+ standards. This ensures the private key is protected and cannot be exported, leading to greater security.

In compliance with CA/B Forum regulations, DigiCert sets up private keys using secure tokens. You can get a token from DigiCert, or you can use your own, but you’ll need to set it up to sign code. Read about the setup process here.

DigCert certificate subscriptions allow you the flexibility to easily replace or reconfigure certificates and other licensed products, simplify budgeting by annualizing the fees associated with your certificates, and automate license renewals for streamlined certificate lifecycle management.