Order a Code Signing certificate
- Generate CSR
If you will be using your Code Signing (CS) certificate with the Sun Java platform, you must submit a certificate signing request (CSR) with your order. However, you can include a CSR with your order for any platform.
To remain secure, certificates must use at least a 2048-bit key size. For more information and instructions about creating a CSR, see Create a CSR (Certificate Signing Request). - Prevalidate organization
Make sure the organization you want to associate your Code Signing (CS) certificate with has been prevalidated for CS Organization validation. In the Organization dropdown, we only list organizations that have CS Organization validation. See Submit an organization for prevalidation. - Prevalidate domain
When adding an email address as the subject of a code signing certificate, the email address must include a validated domain. For example, if you want to add john.doe@example.com, you must prevalidate example.com. See Domain prevalidation. Only prevalidated domains appear on the order form.
Note: Adding an email address is optional. Depending on how your account was set up, you may not be able to add an email address to your Code Signing certificate.
Order your CS certificate
In the left main menu, hover over Request a Certificate then, under Code Signing Certificates, select Code Signing. Fill out the Request a Code Signing Certificate form and submit.
-
Organization
In the dropdown, select the organization you want to associate your CS certificate with.
-
Organization Unit
Adding an organization units is optional. You can leave this box blank.
If you include an organization unit in your order, DigiCert will need to validate it before we can issue your certificate.
-
Validity period
Select a validity period for the certificate: 1 year, 2 years, or 3 years.
-
Signature Hash
In the dropdown, select a signature hash for the certificate: SHA-256 or SHA-1.
-
Subject Email (CertCentral Enterprise/Partner accounts only)
Expand Show Available Domains and select the domain for your email address. The email address you provide must have a validated domain.
Add the email address you want to appear as the subject on the Code Signing Certificate is optional.
Adding an email address is optional. Depending on how your account was set up, you may not see this option on your order form.
-
CSR
Upload or paste your CSR in the CSR box.
The Sun Java Platform is the only platform that requires you to submit a CSR; for all other platforms, submitting a CSR is optional.
-
Server Platform
Select the platform you are planning to use your certificate for.
To use the certificate with a different platform, reissue your certificate and select a different platform.
-
Comments to Administrator
Enter any information that your administrator might need for approving your request, about the purpose of the certificate, etc.
-
Additional Renewal Message
To create a renewal message for this certificate, type a message with information relevant for the certificate’s renewal.
-
Additional Emails
Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails, such as certificate issuance, certificate renewals, etc.
-
Auto-renew
To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.
With auto-renew enabled, a new certificate order will be automatically submitted when this certificate nears its expiration date. If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 39 months).
-
Select Payment Method
Under Payment Information, select a payment method to pay for the certificate:
- Bill to Credit Card
Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.
Note: We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate. If you have a contract enabled you will need to check the box next to 'Exclude from contract terms'. - Bill to Account Balance
Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.
To deposit funds, click the Deposit link.
Note: The Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved. If you have a contract enabled you will need to check the box next to 'Exclude from contract terms'. - Pay with Contract Terms
Have a contract and want to use it to pay for the certificate?
Note: When you have a contract, it is the default payment method.
-
Certificate Services Agreement
Click Certificate Services Agreement. Read through the agreement and check I agree to the Certificate Services Agreement.
-
Click Submit Certificate Request.
When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.
When an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate request.
Complete organization validation
To validate/authenticate your authority to order a certificate for the organization on your certificate order, we will call a verified phone number to speak with some who represents you, the certificate requestor, such as Human Resources, a Manager, or technical contact.
To complete organization consent for your certificate order:
- Answer the organization/validation phone call (preferred method)*
After you submit your certificate order, make sure that the organization contact, technical contact, and company receptionist are aware that you’ve ordered a code signing certificate. Let them know that DigiCert will call a verified phone number to speak with one of them to complete organization validation/authentication. This phone call usually takes place within 24 hours of the certificate order being placed. - Respond to the organization consent message
If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message that includes a call back phone number and a verification code. Make sure that organization or technical contact responds to the message and provides us with the verification code. - Schedule a time for a call back through the verified phone number
If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they may send you an email to schedule a time for us to call back to complete the verification. You may use this link to schedule a time when the representative will be available to answer the call: https://digicert.simplybook.me/v2/#book.
Appointments display in your local time. You don't need to convert the time.
Once the validation process is completed, we will send you an email with certificate installation instructions.