Code signing certificates improve UX and acceptance as they validate the origin and authenticity of software and applications. They show users that the installation of program codes is safe.

<Run/Don't run>.
The advantages of code signing certificates

Icon Security Services
Protection against manipulation
Icon Daumen hoch
Improved user experience
Icon Download
Higher download rate
Icon Lampe
More awareness for applications
icon data share
Secure product distribution
Icon Code Branding
Branding with digital signature

How does code signing work?

Public key infrastructure

Digital signatures authenticate code by using public key encryption technology. The code is authenticated with a cryptographic key pair – a public and a private key. For this, code signing certificates use a cryptographic hash to guarantee the integrity of the code.

We work with globally leading PKI providers.

Why you should use code signing certificates.

Two trends are driving the demand for code signing certificates. More and more software is entering the market. At the same time, malware is becoming a more frequent occurence. As software companies look for possibilities to guarantee the integrity of their products, code signing certificates offer a suitable means of providing protection and demonstrating security and authenticity to users. 

icon Driver Software
Driver software
icon Ausführbare Dateien
Executable files
icon Firmware
Firmware
icon Driver Software
Scripts

What is the difference between OV and EV code signing certificates?

Features Code signing (OV) Code signing (EV)

Information displayed

Company name

Company name
Address 
Type

Digital signature for unlimited applications 

Compatible with established platforms
(MS Authenticode, Office VBA, Java, Adobe Air, Mac OS, Mozilla)

Immediate reputation with Microsoft Smartscreens
 

Removes warning "Unknown publisher"

Signature remains valid with use of timestamp

Timestamp available 
(recommended)

Timestamp available 
(recommended)

Code signing compatibility

Supported systems

Buy and manage code signing certificates.

In AutoDNS you gain access to a selection of code signing certificates from leading providers and for various applications. Use our domain and certificate platform to manage your certificate portfolio. 

  • TLS/SSL, S/MIME, VMC certificates
  • Certificate wizard and CSR generator
  • Advantages with Multi-year Plan 
  • API for easy implementation

Create account
Mockup AutoDNS buy certificates

Become a partner. With our SSL reseller program.

You are already an SSL reseller or would like to become one? You need a wide range of certifcates for your projects? 

Benefit from our SSL reseller program. We offer excellent B2B conditions and a white-label SSL management platform with API access.

Our Partner Managers will work with you to draw up an individual reselling strategy for your business.  

icon ssl certificates individual pricing
Individual prices
& conditions
Certificates for every use case
[Translate to Englisch:] partner success manager
Personal Partner Success Manager
Options for cross-selling and up-selling

FAQ.

Code signing protects both companies and users against damage due to software manipulation in executable files. The underlying process is based on the so-called public key infrastructure (PKI), which is also used for S/MIME or TLS/SSL certificates. It enables users to check the authenticity and validity of software before installation. By doing so, code signing certificates provide application security.

Thanks to the digital signature, users are able to make an informed decision about whether to execute the relevant software or file and can check its authenticity. As a rule, users should not trust unsigned code or applications as nobody can be held liable for any damages or errors in the application if the code has been manipulated by third parties.

Using code signing certificates, which are issued by independent certificate authorities like DigiCert, GlobalSign or Sectigo, the signature marks software applications with a "digital protection label" of sorts. This holds a number of competitive advantages:

  • Software companies visibly communicate their identity.
  • The integrity of digital products is guaranteed.
  • Code signing ensures more application security and leads to higher company reputation amongst users. 

There are two different types of code signing certificates offered by offical certificate authorities:

All types can be ordered and managed directly in AutoDNS

The final price for a code signing certificate is determined by factors like:

  • Provider
  • Validity period (12, 24 or 36 months)
  • Validation type (OV or EV)  

You can find all available code signing certificates and prices in AutoDNS under > Security. You can also find an overview of all prices for our products under under > User management. 

Every code signing certificate involves an identity check. Anyone who can prove their affiliation to a so-called "legal entity" (a registered company) or is a recognized software publisher can acquire code signing certificates as long as they meet the requirements for validation.

The delivery of code signing certificates depends on the certificate authority issuing the certificate.

  • DigiCert delivers the certificates on a hardware token - optionally on a Digicert token (fee-based) or on a suitable hardware token provided by the certificate owner.
  • Sectigo delivers the certificates on a hardware token - optionally on a Sectigo token (fee-based) or on a suitable hardware token provided by the certificate owner. The hardware token must verfiably originate from a specified provider.
  • GlobalSign sends a free hardware token (once) which is included in the basic price. The hardware token cannot be cancelled.


Customs fees may apply for shipping.

Different application platforms support the signing of code and files and offer various tools and solutions.

Below you will find a list of the most common code signing types i.e. applications along with further information and instructions.

  • Adobe Air
  • Apple OS X
  • Java
  • Microsoft Authenticode Dateien in 32 bit and 64 bit user modus ..cab, .cat, . ctl., exe, .dll, .ocx, .msi, .xpi and .xap.
  • Code for Microsoft Office
  • Windows Makro and Visual Basic
  • Mozilla & Netscape Objects

How to 

Yes, in most cases. The warning is often generated by the Microsoft software called SmartScreen, which checks the reputation of a file i.e. software. A code signing certificate supports SmartScreen and helps it to determine whether a file or application is authenticated and safe. However, this cannot be guaranteed for all application cases. 

Code signing certificates that are issued by public and independent certificate authorities (CAs) generate digital signatures that are recognized and classified as trustworthy by all standard operating systems and application platforms worldwide. 

CAs like DigiCert, GlobalSign or Sectigo are subject to strict standards for issuing certificates and must undergo regular audits in order to guarantee compatibility with operating systems like or applications like Microsoft, Apple, Google or Mozilla.

With signed code, operating systems and applications check the issuing CA and the hash of the certificate used for the signature. If the CA is not included in the trusted list (root store) or if the hash is not identical, the signature is not trusted and the verification fails.

With private code signing, no such "seal" is added by a third and independent party. For this reason, we recommend acuiring a trusted code signing certificate for publishing and distributing software online so that the software application is labeled as safe to use. 

Every code signature is generated on the basis of the content of the file that should be signed. The signing tool computes a compressed version of the file – the hash – and signs it using the relevant digital code signing certificate. The signed has is then embedded at a position in the code that is reserved for digital signatures. 

As soon as the distribution of the signed file i.e. application or software is initiated, all standard operating systems as well as the relevant applications recognize the digital signature of the file. They automatically compute a hash of the file (without using the signed has in the computation) and compare it with the embedded signed hash. If these are identical, the validation is successful and the authenticity is verified. If the computed hash does not match the signed hash, the validation fails. A failed validation means that the content of the file has been changed after the file was digitally signed (whether due to error or due to malicious intent).

The reliability of this mechanism relies on the strength of the algorithm used for computing the hash – the longer the hash, the better. One of the standards most commonly used is SHA-256, an algorithm that generates a 256-bit hash. 

Become our partner.

Do you have questions about the validation or implementation of certificates? Or do you want to conquer the market as an SSL reseller? Take advantage of the immense benefits we can offer you as a leading ISP. We will be happy to advise you.