Pedir un certificado de firma de código

Industry moved to RSA 3072-bit key minimum for code signing certificates

To comply with industry changes, DigiCert has made the following changes to our code signing certificate process:

  • Only issues RSA 3072-bit key or larger code signing certificates*
  • Uses new intermediate CA and root certificates to issue our code signing and EV code signing certificates: RSA and ECC

eToken and HSM changes

DigiCert supports two eTokens:

  • 5110 CC for RSA 4096-bit and ECC P-256-bit key certificates
  • 5110 FIPS for ECC P-256 and P-384-bit key certificates

HSM must:

  • Support RSA 3072-bit or ECC P-256-bit keys sizes or larger
  • Be FIPS 140-2 Level 2+ or Common Criteria EAL4+ compliant devices

*Note: All existing 2048-bit key code signing certificates issued before June 1, 2021, will remain active. You can continue to use these certificates to sign code until they expire.

Learn more about the change to 3072-bit key code signing certificates.

Before you begin

  • Generate CSR
    If you will be using your Code Signing (CS) certificate with the Sun Java platform, you must submit a certificate signing request (CSR) with your order. However, you can include a CSR with your order for any platform.
    To remain secure, certificates must use an RSA 3072-bit or ECC P-256-bit key size or larger. To find instructions about creating a CSR for different operating systems and platforms, see Create CSR for a code signing certificate request.
  • Prevalidate organization
    Make sure the organization you want to associate your Code Signing (CS) certificate with has been prevalidated for CS Organization validation. In the Organization dropdown, we only list organizations with CS Organization validation. See Submit an organization for prevalidation.
  • Prevalidate domain
    When adding an email address as the subject of a code signing certificate, the email address must include a validated domain. For example, if you want to add john.doe@example.com, you must prevalidate example.com. See Domain prevalidation. Only prevalidated domains appear on the order form.
    Note: Adding an email address is optional. Depending on how your account was set up, you may not be able to add an email address to your Code Signing certificate.

Order your CS certificate

In the left main menu, hover over Request a Certificate then, under Code Signing Certificates, select Code Signing. Fill out the Request a Code Signing Certificate form and submit.

Certificate Settings

  1. Organization

    In the dropdown, select the organization you want to associate your CS certificate with.

  1. Organization Unit

    Adding an organization units is optional. You can leave this box blank.

When the box is left blank, the certificate issued will not have an OU value on it. If you require an OU on your certificate, you must enter the value during enrollment. Your OU will not be auto-populated from the CSR.

If you include an organization unit in your order, DigiCert will need to validate it before we can issue your certificate with the OU field

  1. Validity period

    Select a validity period for the certificate: 1 year, 2 years, or 3 years.

  1. Signature Hash

    Unless you have a specific reason for choosing a different signature hash, DigiCert recommends using the default signature hash: SHA-256.

  1. Subject Email (CertCentral Enterprise/Partner accounts only)

    Expand Show Available Domains and select the domain for your email address. The email address you provide must have a validated domain.

    Add the email address you want to appear as the subject on the Code Signing Certificate is optional.

Adding an email address is optional. Depending on how your account was set up, you may not see this option on your order form.

  1. CSR

    Upload or paste your CSR in the CSR box.

The Sun Java Platform is the only platform that requires you to submit a CSR. For all other platforms, submitting a CSR is optional.

Order Options

  1. Server Platform

    Select the platform you are planning to use your certificate for.

To use the certificate with a different platform, reissue your certificate and select a different platform.

  1. Comments to Administrator

    Enter any information that your administrator might need for approving your request, about the purpose of the certificate, etc.

  1. Additional Renewal Message

    To create a renewal message for this certificate, type a message with information relevant for the certificate’s renewal.

  1. Additional Emails

    Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails, such as certificate issuance, certificate renewals, etc.

  1. Auto-renew

    To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.

    With auto-renew enabled, a new certificate order will be automatically submitted when this certificate nears its expiration date. If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 39 months).

Payment Information

  1. Select Payment Method

    Under Payment Information, select a payment method to pay for the certificate:

    1. Bill to Credit Card
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.
      Note: We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate. If you have a contract enabled you will need to check the box next to 'Exclude from contract terms'.
    2. Bill to Account Balance
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.
      To deposit funds, click the Deposit link.
      Note: The Deposit link takes you to another page in your CertCentral account. Any information entered in the request form will not be saved. If you have a contract enabled you will need to check the box next to 'Exclude from contract terms'.
    3. Pay with Contract Terms
      Have a contract and want to use it to pay for the certificate? When you have a contract, it is the default payment method.

  1. Certificate Services Agreement

    Click Certificate Services Agreement. Read through the agreement and check I agree to the Certificate Services Agreement.

  1. Click Submit Certificate Request.

    When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.

What's next

When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.

Complete organization validation

To validate or authenticate your authority to order a certificate for the organization on your certificate order, we will call a verified phone number to speak with some who represents you, the certificate requester, such as Human Resources, a Manager, or technical contact.

To complete organization consent for your certificate order:

  • Answer the organization/validation phone call (preferred method)*
    After you submit your certificate order, make sure that the organization contact, technical contact, and company receptionist are aware that you’ve ordered a code signing certificate. Let them know that DigiCert will call a verified phone number to speak with one of them to complete organization validation or authentication. This phone call usually takes place within 24 hours of the certificate order being placed.
  • Respond to the organization consent message
    If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message that includes a call back phone number and a verification code. Make sure that organization or technical contact responds to the message and provides us with the verification code.
  • Schedule a time for a call back through the verified phone number
    If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they may send you an email to schedule a time for us to call back and complete the verification. You may use this link to schedule a time when the representative will be available to answer the call: https://digicert.simplybook.me/v2/#book.
    Appointments display in your local time. You don't need to convert the time.

Certificate issuance

Once the validation is complete, we will send an email to the certificate requestor with certificate installation instructions.

Acerca de nosotros

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.