The industry’s security standards body now requires all code signing certificate private keys to be stored on secure hardware. This comprehensive guide walks through the process of setting up your secure USB token. We recently shared…
To protect signing keys against theft and misuse, the industry rolled out new security requirements for code signing certificates. Here’s what to know about these changes and what they mean to you as a developer or…
41% of tech organizations are planning to increase investments in cloud-based services and products in 2023. Want to get a piece of the pie? Uncover the power of the Docker registry for building, sharing, running, and…
Tired of maintaining and securing too many digital certificates and keys? You’re not alone. 72% of organizations say the increasing number of keys and certificates they use is driving them crazy. To ease the pain, learn…
Four and a half minutes: This is the amount of time it takes to make a real Italian espresso and how long it takes the newly discovered Rorschach malware to lock customers out of their files…
Discover the causes of technical debt and learn how to mitigate them before attackers exploit these security flaws to get into your network. (Considering they did this to a U.S. federal agency, surely bad guys can do…
According to Veracode, one-third of applications are released with security flaws. Five years after publishing, 70% contain at least one vulnerability. Learn what tech debt is and how tackling it will help you reduce vulnerabilities that could put…
Are you trying to sign your code in Visual Studio and the message ‘An error occurred while signing: SignTool.exe not found’ keeps popping up? Discover how to fix it in a blink of an eye, without…
Did you try to sign your code and got stuck on the ‘No certificates were found that met all the given criteria’ error? Find out what causes this mysterious issue and discover the solution that’ll enable…
‘PowerShell Script Is Not Digitally Signed.’ Sounds familiar? Find out what it means, the best way to fix it, and why bypassing this error generated by one of the most exploited attack vectors, could put your organization…
In July 2022, ethical hackers identified 648 vulnerabilities in the U.S. Department of Defense’s (DoD) systems during a 7-day bug bounty challenge. Would your web app pass the test? Discover 8 cutting-edge best practices that’ll help you develop…
In 2022, Google Play and App Store hit the mark of 142 billion downloads. Have you just downloaded software and Windows blocked it because the publisher could not be verified? Are your customers complaining about the same…
Authentication, integrity, non-repudiation. Three magic words that could help your organization save an average of $18,000 in case of a cyberattack. Learn everything about three digital signature uses and find out how, together, they can boost the security…
How do you spot fake software, emails, and files among the colossal amounts of data consumed every year (e.g., more than 100k exabytes in 2022 alone, according to IDC)? Explore how digital signatures can help your organization to…
Are you ready for a year when multifactor authentication may become ineffective and attackers will adopt new hacking vectors like cloud-aware ransomware to get to your data? Learn how to enhance your database security now to stay ahead of cyber…
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Cloud Signing Account Access
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Google Cloud KMS (Cloud HSM)
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Google Cloud KMS (Cloud HSM)
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.