Signs and superstitions 

Getting a Code Signing certificate for an individual has become available! Code Signing certificates for software Companies issuing code signing certificate

By program. (In order not to get confused in the description of its options, it should be noted that the extended set options do not include the base set options)

1) To create certificate of my personal root CA The following code worked for me on 2008R2:

PS C:\Users\Administrator> &"C:\Program Files (x86)\Microsoft.NET\SDK\v2.0\Bin\makecer t.exe" -r -pe -n "CN=mycompany.ru" - ss CA -sr CurrentUser -a sha1 -cy authority -sky signature -sv mycompany.pvk mycompany.crt

2) Then we create code signing certificate using the previously created personal root authority:

PS C:\Users\Administrator> &"C:\Program Files (x86)\Microsoft.NET\SDK\v2.0\Bin\makecer t.exe" -pe -n "CN=mycompany_code_signing"

A sha1 -cy end -sky signature -ic "C:\Users\Administrator\Desktop\mycompany.crt " -iv "C:\Users\Administrator\Desktop\mycompany.pvk " -sv mycompany_code_signing .pvk mycompany_code_signing .cer

3) Importing certificates into the system:
Our new root certificate is easily imported via the GUI by double-clicking (*.crt) - you just need to specify that it goes to the root certificates section
Our code signing certificate is easier to add. it must be added with a key.

Context: There is a standard format for storing both the certificate and the key in one file and it is called *.pfx. The problem is that in the previous steps we generated both the key and the cert in separate files, and the key is generally in the proprietary Microsoft *.pvk format. There are two ways to do the job:
1) Use pvk2pfx.exe which is distributed in the best traditions of Microsoft - fuck knows where. The .NET 2.0 SDK doesn't have it, but the Windows Software Development Kit for Windows 8.1 does. But this SDK is large and takes a long time to install. But the import goes to the GUI on a mouse click.
2) Use pvkimport.exe (which by the way can also export to pfx). The syntax is simple, only *.crt and *.pvk are specified as.

4) Add our se The certificate for signing code to trusted publishers is still in the same MMC, so that PS has fewer questions.

5) Sign the code, there are two ways:
1) Graphical, available only in the outdated version of the signtool program from the same .NET 2.0 SDK. It needs to be run with a wizzard key or something like that.
2) Standard - signtool from the Win 8.1 SDK does not have a wizard, but signs like this:

&"C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" sign /v "C:\Users\Administrator op\Desktop\new_test.ps1" It has a lot of keys, but if you do not specify them, it automatically finds the required certificate. If there are several sets, you will have to figure out how to specify the right one.

A good answer for the whole stackoverflow procedure:

While you can create a self-signed code-signing certificate (SPC - Software Publisher Certificate) in one go, I prefer to do the following:

Creating a self-signed certificate authority (CA)

makecert -r -pe -n "CN=My CA" -ss CA -sr CurrentUser ^ -a sha256 -cy authority -sky signature -sv MyCA.pvk MyCA.cer

(^=allow batch command line to wrap line)

This creates a self-signed (-r) certificate, with an exportable private key (-pe). It "s named "My CA", and should be put in the CA store for the current user. We"re using the SHA-256 algorithm. The key is meant for signing (-sky).

The private key should be stored in the MyCA.pvk file, and the certificate in the MyCA.cer file.

Importing the CA certificate

Because there "s no point in having a CA certificate if you don" t trust it, you "ll need to import it into the Windows certificate store. You can use the Certificates MMC snapin, but from the command line:


certutil -user -addstore Root MyCA.cer

Creating a code-signing certificate (SPC)

makecert -pe -n "CN=My SPC" -a sha256 -cy end ^ -sky signature ^ -ic MyCA.cer -iv MyCA.pvk ^ -sv MySPC.pvk MySPC.cer

It is pretty much the same as above, but we"re providing an issuer key and certificate (the -ic and -iv switches).

We"ll also want to convert the certificate and key into a PFX file:


pvk2pfx -pvk MySPC.pvk -spc MySPC.cer -pfx MySPC.pfx

If you want to protect the PFX file, add the -po switch, otherwise PVK2PFX creates a PFX file with no passphrase.

Using the certificate for signing code

signtool sign /v /f MySPC.pfx MyExecutable.exe

If you import the PFX file into the certificate store (you can use PVKIMPRT or the MMC snapin), you can sign code as follows:


signtool sign /v /n "Me" /s SPC /d http://www.me.me ^ /t http://timestamp.url MyExecutable.exe

Some possible timestamp URLs for signtool /t are.

  • Validation: Business
  • Issue: 1-2 days
  • Support Windows: Yes
  • Authenticode Signing: Yes
  • Apple Applications: Yes
  • Install check: Yes
  • Browsers: 99.3%
  • Microsoft Authentication: Yes
  • SunJava: Yes
  • Microsoft Office and VBA: Yes

Description of the SSL certificate

Ideal product for software developers- Comodo Code Signing SSL certificate. It is used to protect software products distributed over the Internet. Your users will be sure that the code downloaded on your site really belongs to you, and is not intentionally corrupted or modified, this applies to downloaded files (.dll, .ocx, .cab or .exe).

This certificate is available to both companies(organizations) and individuals. Complete confirmation of the immutability (integrity) of the program code from the moment it was released by the manufacturer. Identifies the manufacturer of the software. Signature - 32/64 bit.

Using this certificate, you can sign: dll - dynamically linked libraries; ocx - ActiveX components; exe - executable files; jar - Java archives; cab - files for software installation; The certificate also allows you to sign: Flex, Adobe, Flash, Dreamweaver files.

  • Comodo - the guarantor of trust on the Internet

    More than 600 people work and try to make the Internet more secure, both for individual users and large corporations. Comodo provides the widest range of services in the online security market: protection of e-mail, software, websites, internal systems, DNS maintenance, native browser and much more. More details can be found on the official website. www.comodo.com

  • With Business Validation

    For a business layer SSL certificate, you need confirm ownership of the domain, as well as provide documents of your company. The issuance process takes approximately 2-3 business days. This certificate is suitable for corporate websites. Check out the list of required documents.

  • Comparison of SSL certificates

    We provide one of the most detailed comparisons SSL certificates available today. By comparing certificates you will be able to choose the best certificate for your needs, remember price is not the key factor.

What open spaces are now opening up for application developers, when you don’t need to depend on any company, you don’t need to create an IP, but just provide the necessary list of documents and you can change your life once and for all, who knows, maybe now, on the other side of the screen sits the future owner of the Internet giant, like Microsoft or Google? This article will be useful not only for existing developers, but also for those who have encountered this certificate for the first time. First, let's talk a little about the Code Signing certificate itself. is a specialized digital certificate that can be used to sign software, various scripts, applications, macros, etc., so that there are no copyright problems. It guarantees:

  1. The authenticity of the source. This software was signed by the company, sole proprietor or developer as a private individual specified in the certificate
  2. Code safety. Since the beginning of the purchase and installation of the certificate, the program has not been damaged, changed or supplemented. This certificate is commonly referred to as a developer certificate;
  3. Increases customer confidence;
  4. Increases the number of program installations;
  5. Protects the reputation of the software developer;
  6. Compatible with Windows 7, 8 and 10.

If you are a unique developer, then your code is your name. If the work of your program is disrupted, infected with a virus or corrupted, then it will be almost impossible to regain the trust of potential buyers. Protect yourself, your software users, and your good name with a trusted digital code signing certificate. Code signing certificates use a unique cryptographic cipher.

Microsoft is very strict about how developers sign their applications.

Starting with Windows XP and ending with Windows 10, when you install software without a certificate, you get a warning that the program is not safe. These requirements apply to driver installation as well. If no such signature is found, Windows will mark your application as not secure. If the application is signed, then the system will mark it as positive for use and you can see information about the publisher.

In addition to the usual Code Signing, there is EV Code Signing. What are its advantages?

Certificates with extended company validation () has all the same features as regular Code Signing. Plus, it provides:

  1. Digital signing of an unlimited number of applications with a single certificate;
  2. Compatible with major platforms (Authenticode, Office VBA, Java, Adobe AIR, Mac OS, Mozilla);
  3. The address of the company and the type of organization are reflected in the certificate.
  4. Strict Verification Process - Buyers of EV Code Signing Certificates go through a more detailed authentication process than when obtaining a regular Code Signing Certificate.
  5. Instant reputation with Microsoft SmartScreen filter. Starting with Internet Explorer 9.0 and Windows 8, applications signed with an EV signing certificate have immediate reputation, so no warning alerts will be presented to the downloader.

Important note! Microsoft has required the Windows 10 operating system to sign all drivers with an EV Code Signing certificate. Drivers that will be signed with a regular certificate will not be accepted.

What platforms is this certificate for?

This certificate can be used on a wide range of platforms. It will work without any difficulties on:

  1. Microsoft Authenticode: 32-bit and 64-bit .exe, .dll, .cab, .ocx, .xpi and .xap, .msi file formats, as well as applications and kernel drivers.
  2. Apple Code Sign: software for Mac OS, software updates.
  3. Java Code Sign: Java applets (.jar files and Java applications). The Comodo Code Signing certificate is supported in the JRE (Java Runtime Environment).
  4. Adobe Air Sign: .air files. Required for signing all AIR applications.
  5. Mozilla: code for any Mozilla object file.
  6. Microsoft Silverlight: Supports Silverlight applications and .xaf files
  7. Microsoft office code signingMicrosoft Office: code for MS VBA objects, scripts and macros and MS Office .doc, .ppt and .xls files

What is required to issue a certificate for an individual!?

Documents that will need to be submitted to issue a certificate for an individual:

  • Scanned copy of the passport (first 2 spreads);
  • Scanned copy of your personal TIN;
  • Scanned copy of a utility bill or telephone (to confirm the address);
  • A scanned copy of a bank card (part of the digits of the card number must be closed) or a bank statement for any account (to confirm the name and surname);
  • Phone number verification (mobile or landline);
  • E-mail confirmation (which is specified in the order);
  • Form from Comodo in English (for more details about the form, please contact our technical support).

On our site you will find a wide range of code signing certificates at the best prices. For all questions about the certificate itself and its issuance, you can contact our tech. support by means:

  • mobile communication;
  • chat on the site;
  • Email.

We will be happy to provide you with a certificate as quickly and efficiently as possible!

Code Signing certificates for software

Code signing certificates or developer certificates sign software. This is evidence that the program code is original - it was written by a certain developer and did not change after the digital signature of the program was applied.

If you install software that is not signed accordingly, the operating system will issue a warning. When the software is signed, the owner of the computer can get brief information about the developer during installation. This helps to make sure the software is safe.

What are Code Signing

Certificates are issued by certification centers - these are companies that have been accredited, having received the right to issue digital signatures. Certificates differ in the types of software they sign. There is also an extended validation certificate issued specifically for applications and drivers in Windows 10.

How App Digital Signature Works

First, the developer contacts the certification authority and requests Code Signing. Then it creates a hash of the code using a certain algorithm, encrypts it with a private key, and receives a publisher's certificate. When a user installs a signed program, the system checks, runs the algorithm, recreates the hash and compares it with the hash of the program. If the hashes match, the applications are signed with a valid code.

You can buy Code Signing only for individual entrepreneurs and companies. Registration for an individual is not possible. Our support will be happy to answer any questions about certificates.