Skip to main content

訂購 Code Signing 憑證

Important

業界轉移到適用於代碼簽署憑證的 RSA 3072 位元金鑰

為了因應業界的變更,DigiCert 我們的代碼簽署憑證程序做出以下的變更:

  • 僅發行 RSA 3072 位元金鑰或更大的代碼簽署憑證*

  • 使用新的中繼 CA 和根憑證發行代碼簽署和 EV 代碼簽署憑證:RSA 和 ECC

*註:在 2021 年 6 月 1 前發行的所有現有的 2048 位元金鑰代碼簽署憑證將保持啟用。您可以繼續用這些憑證簽署代碼,直到其到期為止。

瞭解更多有關 3072 位元金鑰代碼簽署憑證的變更的資訊

在您開始前

  • 產生 CSR

    如果您將使用您的 Code Signing (CS) 憑證與 Sun Java 平台,您必須連同您的訂單提交憑證簽署要求 (CSR)。但您可以連同您的訂單納入用於任何平台的 CSR。

    為了保持安全,憑證必須使用 RSA 3072 位元或 ECC P-256 位或更大的金鑰。如需與建立不同作業系統和平台的 CSR 有關的說明,請參閱建立代碼簽署憑證要求的 CSR

    Need help creating a CSR? See our Create CSR for a code signing certificate request instructions.

  • 預先驗證組織

    確定您要與您的 Code Signing (CS) 憑證關聯的組織已經過 CS 組織驗證的預先驗證。在組織下拉清單中,我們僅列出已進行「CS 組織」驗證的組織。請參閱提交組織進行預先驗證

  • 預先驗證網域

    新增電郵地址作為代碼簽署憑證的主旨時,電郵地址必須包括已驗證的網域。例如,如果您想要新增 john.doe@example.com,您必須預先驗證 example.com。請參閱網域預先驗證。僅預先驗證的網域會出現在訂購表上。

    For example, if you want to add john.doe@example.com, make sure example.com has been validated. See Domain prevalidation.

    Adding an email address is optional. Depending on how your account was set up, you may not be able to add an email address to your Code Signing certificate.

訂購您的 CS 憑證

  1. In the left main menu, hover over Request a Certificate then, under Code Signing Certificates, select Code Signing.

  2. Assign the request to a division

    In the For dropdown, select the division to manage the certificate. This dropdown only appears if your account uses Divisions.

憑證設定

  1. CSR

    CSR 方塊中上傳或貼上您的 CSR。

    The Sun Java Platform is the only platform that requires you to submit a CSR. For all other platforms, submitting a CSR is optional.

  2. 組織單位

    新增組織單位是選用的操作。您可以將此方塊留白。

  3. 有效期間

    選擇憑證的有效期間:1 年、2 年或 3 年。

    If needed, you can customize the expiration date or certificate length. However, you cannot exceed the 39-month maximum code signing certificate validity.

  4. 簽署雜湊

    To set up automatic renewal for this code signing order, check Auto-renew order 30 days before expiration.

    若您沒有選擇不同簽章雜湊的特定原因,DigiCert 建議使用預設的簽章雜湊:SHA-256

    Tip

    If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 39 months).

Organization

  1. In the Organization dropdown, choose the organization you want to associate with your code signing certificate.

    Important

    If you choose an organization that is not validated for code signing certificates, DigiCert must validate the organization for code signing validation before we can issue your certificate.

  2. Additional emails (optional)

    Enter the email addresses (comma separated) you want to receive the certificate notification emails, such as certificate issuance and expiring certificate notifications.

    Tip

    Depending on your account settings, your administrator may require you to include at least one additional email.

Additional certificate options

The information below is optional. None of it is required to issue your certificate.

  1. 組織單位

    新增組織單位是選用的操作。您可以將此方塊留白。

    Important

    如果您在您的訂單中加入組織單位,DigiCert 將需要在我們可以發行您的憑證前驗證該組織單位。

  2. 主題電郵 (僅限 CertCentral Enterprise/Partner 帳戶)

    Enter the email address you want to appear on the certificate.

    Including an email address on the certificate provides an additional layer of trust for end users when checking your code signing certificate.

    Important

    The email address must contain a validated domain associated with the organization included in the request, for example, email-username@validated-domain.

    1. 展開顯示可使用網域,然後選取您的電郵地址的網域。您提供的電郵地址必須有已驗證的網域。

    2. 新增您要在 Code Signing 憑證上顯示為主題的電郵地址是選用的。

      • We don't show a dropdown if the organization only has one validated domain assigned to it.

      • You cannot include a subject email if the organization does not have any validated domains assigned to it.

訂單選項

The information below is optional. None of it is required to issue your certificate.

  1. Comments to Administrator (optional)

    Enter any information your administrator might need for approving your request, about the purpose of the certificate, etc.

  2. Additional Renewal Message (optional)

    To create a renewal message for this certificate, add a message with information that might be relevant to the certificate’s renewal.

付款資訊

  1. 選取付款方法

    付款資訊下,選取支付憑證費用的付款方法:

    1. 信用卡付款

      沒有合約,或不想要用合約支付此憑證的費用嗎?使用信用卡支付憑證費用。

      Note

      我們授權在做出要求時的卡片。但我們只能在發行您的憑證後完成交易。如果您有已生效的合約,您將需要勾選「排除在合約條款外」旁邊的方塊。

    2. 於帳戶餘額中扣除

      沒有合約,或不想要用合約支付此憑證的費用嗎?向您的帳戶餘額收取款項。

      若要存入資金,請按一下存款連結。

      The Deposit link takes you to another page in your CertCentral account. Any information entered in the request form will not be saved.

      If you have a contract enabled, check Exclude from contract terms.

    3. 以合約條款支付

      有合約且想要用合約支付憑證的費用嗎?當您有合約時,這是預設的付款方法。

  2. 憑證服務合約

    選取「憑證服務合約」。閱讀整份合約,然後勾選我同意憑證服務合約

  3. 選取提交憑證要求

    需要核准時,傳送電郵給使用於組織的 CS 驗證的聯絡人,通知他們需要核准憑證要求。

下一步是什麼

Important

DigiCert recommends that developers take precautions with the code signing process and protect the private key associated with their signing certificate. See Protect private keys: Code signing best practices.

: