How to Generate a CSR for a Code Signing Certificate in Windows

Here’s How to Generate a CSR to Request a Code Signing Certificate

Are you a software developer or an organization that develops software, apps, or drivers for Windows? Are you looking to publish your software package on various platforms so that users can download it? If you’ve answered YES to any of these questions, then a code signing certificate is something you must have.

Today’s users are aware of the security threats posed by malicious software and websites. They know what computer viruses and malware are and how harmful they can be, so they take active steps to avoid anything that could harm them. That’s why signing your software is so important. Unsigned software packages usually display a security warning message, which will likely drive users away because they think the software isn’t safe to use.

As a software developer or publisher who’s looking for information on how to generate a CSR for a code signing certificate, you might already be familiar with code signing certificates. If you’re not, here is the short version: a code signing certificate is a type of X.509 certificate used to attach a digital signature to software, apps, and code. The digital signature attached to your software with a code signing certificate works as an assurance that you’re a verified software publisher and that your software hasn’t been tampered with since it was signed, so it’s safe to use.

After Purchasing a Code Signing Certificate, Generate the CSR

Once you’ve purchased a code signing certificate from a respected certificate authority like Sectigo, your next step will be generating a CSR (Certificate Signing Request). When you generate a CSR, you’re creating an encoded message about yourself as a requestor of a code signing certificate which includes information such as:

  • Common Name (Publisher Name) for a code signing certificate.
  • An email address for contacting you regarding the certificate.
  • Public key (tied to a private key which is saved on your device).

Once you fill out the information, it’ll be sent to a trusted certificate authority, who will issue your code signing certificate. Let’s walk through the process using an example: you purchased a code signing certificate from Sectigo. Once you generate the CSR, all the information in it about you and your organization is provided to Sectigo, and it states that you’re the one who has requested the code signing certificate.


Steps to Create a CSR for a Code Signing Certificate in Windows

Creating a CSR (Certificate Signing Request) is quite straightforward. However, a CSR can only be generated in certain web browsers, such as Mozilla Firefox ESR or Internet Explorer 11, because these browsers support a function that is needed to complete the CSR process successfully while generating the public/private key pair quickly and securely.

Below Are the Steps for Generating a Certificate Signing Request (CSR)

To generate a CSR, first open your selected web browser: Mozilla Firefox ESR or Internet Explorer 11.

  • Log in to the website you purchased the code signing certificate from. If you purchased it from us, log in to staging.staging1-codesigningstore.flywheelsites.com.
  • Now locate the details of the certificate and click on the button: Generate Certificate.
  • Enter all the required information.
  • Click on the Submit button.
  • Your browser will generate the key pair after you click on the Submit button. The CSR will be generated and sent directly to the CA.

Once all the steps are completed successfully, the CA will issue you an order number. You’ll then be required to complete validation before your code signing certificate is issued. You’ll need to follow the validation guidelines maintained by the CA, which include providing important information about yourself and your organization to prove that you’re a legal entity, for example, your organization’s registration details. The entire validation process takes around 1-5 business days, depending on how quickly you provide all the requested information.

After the information is verified and the validation step is completed, the CA will issue the requested code signing certificate and send it to the email address that you registered when purchasing it. At this point, all you have to do is download that certificate as a PFX (.p12) file and save it on your desktop and then export the file into your web browser.

Note:

It’s recommended that you complete the process on the same computer and in the same browser that you used to generate the CSR. This is important because the private key is stored on the computer where the CSR was generated.
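The browser does the key generation and CSR creation out of sight when you click Submit. As an added illustration (not part of the original article or any CA's tooling), the script below reproduces those steps with the OpenSSL command line to show what the CSR carries and why the private key has to stay on the generating machine. The publisher name, e-mail address and file names are constructed, and a local `openssl` binary is assumed.

```shell
#!/bin/sh
# Added illustration: constructed subject values, throwaway key in a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/publisher.key"   # private key: stays on this machine
CSR="$WORK/publisher.csr"   # request: the only file sent to the CA

# Generate an RSA-3072 key pair and a CSR in one step.
# -nodes leaves the demo key unencrypted; protect a real key with a passphrase.
make_csr() {
    openssl req -new -newkey rsa:3072 -nodes \
        -keyout "$KEY" -out "$CSR" \
        -subj "/CN=Example Publisher Ltd/emailAddress=signing@example.com" \
        2>/dev/null
}

# Subject fields the CA will see: Common Name and e-mail address.
csr_subject() {
    openssl req -in "$CSR" -noout -subject
}

# The CSR is signed with the private key, proving the requester holds it.
csr_signature_ok() {
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

# SHA-256 fingerprint of the public key embedded in the CSR.
csr_pubkey_hash() {
    openssl req -in "$CSR" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public key derived from the local private key.
key_pubkey_hash() {
    openssl pkey -in "$KEY" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# A CSR must never contain private key material.
csr_has_private_key() {
    grep -q "PRIVATE KEY" "$CSR"
}

make_csr
echo "Subject:         $(csr_subject)"
echo "CSR public key:  $(csr_pubkey_hash)"
echo "Local key match: $(key_pubkey_hash)"
csr_signature_ok && echo "Self-signature:  OK"
csr_has_private_key || echo "Private key in CSR: no"
```

The two fingerprints match because the CSR holds only the public half of the key pair; the issued certificate binds to that same public key, so it is usable only where the matching private key is stored.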

Summary

Many certificate authorities, like Sectigo, DigiCert, and Comodo, offer code signing certificates for Windows, but the process of generating a CSR and collecting a code signing certificate is the same. First, you purchase a code signing certificate and generate a CSR; then you submit all the required information to complete the vetting process; and finally, your code signing certificate is issued.