Skip to main content

Document signing certificates

Code signing certificates verify the identity of the software publisher and confirm that code has not been modified since it was signed. When users download signed software, their operating system checks the signature and displays a trusted publisher notification. Unsigned or tampered software triggers security warnings.

CertCentral supports Code Signing and EV Code Signing certificates for signing executables, scripts, installers, and other distributable code.

Products

DigiCert offers three document signing certificate products in CertCentral:

Product

Validation level

Validation type required

Code Signing

An individual signs documents in their own name

CS: Code Signing Organization Validation

EV Code Signing

Extended validation

EV CS: Code Signing Organization Extended Validation

EV Code Signing provides higher assurance and immediate SmartScreen reputation with Microsoft Windows. A validated verified contact must approve each EV Code Signing order.

Certificate validity

As of February 24, 2026, the maximum validity for public Code Signing and EV Code Signing certificates is 459 days. DigiCert no longer issues 2 or 3-year public code signing certificates.

Private key requirements

All code signing private keys must be stored on a cryptographic device certified to FIPS 140-2 Level 2 or Common Criteria EAL4+. Private key export from certified devices is not permitted. DigiCert requires you to:

  • Code signing provisioning methods: To choose how to store your private key before ordering

  • Request a code signing or EV code signing certificate: To order on an Enterprise, Partner, or Legacy account

  • Request a code signing certificate from a CertCentral subscription: To order from an active subscriptionUse passwords of at least 16 randomly generated characters when transporting private keys

What's next

Dans cette section​: