Industry moved to RSA 3072-bit key minimum for code signing certificates
To comply with industry changes, DigiCert has made the following changes to our code signing certificate process:
eToken and HSM changes
DigiCert supports two eTokens:
HSM must:
*Note: All existing 2048-bit key code signing certificates issued before June 1, 2021, will remain active. You can continue to use these certificates to sign code until they expire.
Learn more about the change to 3072-bit key code signing certificates.
In the left main menu, hover over Request a Certificate then, under Code Signing Certificates, select Code Signing. Fill out the Request a Code Signing Certificate form and submit.
Organization
In the dropdown, select the organization you want to associate your CS certificate with.
Organization Unit
Adding an organization units is optional. You can leave this box blank.
When the box is left blank, the certificate issued will not have an OU value on it. If you require an OU on your certificate, you must enter the value during enrollment. Your OU will not be auto-populated from the CSR.
If you include an organization unit in your order, DigiCert will need to validate it before we can issue your certificate with the OU field
Validity period
Select a validity period for the certificate: 1 year, 2 years, or 3 years.
Signature Hash
Unless you have a specific reason for choosing a different signature hash, DigiCert recommends using the default signature hash: SHA-256.
Subject Email (CertCentral Enterprise/Partner accounts only)
Expand Show Available Domains and select the domain for your email address. The email address you provide must have a validated domain.
Add the email address you want to appear as the subject on the Code Signing Certificate is optional.
Adding an email address is optional. Depending on how your account was set up, you may not see this option on your order form.
CSR
Upload or paste your CSR in the CSR box.
The Sun Java Platform is the only platform that requires you to submit a CSR. For all other platforms, submitting a CSR is optional.
Server Platform
Select the platform you are planning to use your certificate for.
To use the certificate with a different platform, reissue your certificate and select a different platform.
Comments to Administrator
Enter any information that your administrator might need for approving your request, about the purpose of the certificate, etc.
Additional Renewal Message
To create a renewal message for this certificate, type a message with information relevant for the certificate’s renewal.
Additional Emails
Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails, such as certificate issuance, certificate renewals, etc.
Auto-renew
To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.
With auto-renew enabled, a new certificate order will be automatically submitted when this certificate nears its expiration date. If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 39 months).
Select Payment Method
Under Payment Information, select a payment method to pay for the certificate:
Certificate Services Agreement
Click Certificate Services Agreement. Read through the agreement and check I agree to the Certificate Services Agreement.
Click Submit Certificate Request.
When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.
When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.
To validate or authenticate your authority to order a certificate for the organization on your certificate order, we will call a verified phone number to speak with some who represents you, the certificate requester, such as Human Resources, a Manager, or technical contact.
To complete organization consent for your certificate order:
Once the validation is complete, we will send an email to the certificate requestor with certificate installation instructions.