訂購 EV Code Signing 憑證
Learn how to order an extended validation (EV) code signing certificate.
Important
業界轉移到適用於代碼簽署憑證的基本 RSA 3072 位元金鑰
為了因應業界的變更,DigiCert 我們的代碼簽署憑證程序做出以下的變更:
僅發行 RSA 3072 位元金鑰或更大的代碼簽署憑證*
使用新的中繼 CA 和根憑證發行代碼簽署和 EV 代碼簽署憑證:RSA 和 ECC
DigiCert 支援兩種 eToken:
適用於 RSA 4096 位元和 ECC P-256 位元憑證的 5110 CC
適用於 ECC P-256 和 P-384 位元憑證的 5110 FIPS
SafeNet eToken 5110+ FIPS for RSA 4096-bit and ECC P-256-bit key certificates.
SafeNet eToken 5110+ CC (940B) for ECC P-256-bit key certificates.
HSM 必須:
支援 RSA 3072 位元或 ECC P-256 位元大小或更大的金鑰
是 FIPS 140-2 Level 2+ 或 Common Criteria EAL4+ 相容裝置
在您開始前
預先驗證組織 預先驗證您取得 EV Code Signing 憑證所要用於的組織。請參閱 新增組織 和提交組織進行預先驗證。
預先驗證組織 預先驗證您取得 EV Code Signing 憑證所要用於的組織。請參閱 新增組織 和提交組織進行預先驗證。
產生 CSR (僅 HSM 訂單) 如果您正在重新發行您用於 HSM 裝置的 EV Code Signing 憑證,您必須連同您的訂單提交憑證簽署要求 (CSR)。
產生 CSR (僅 HSM 訂單) 如果您正在重新發行您用於 HSM 裝置的 EV Code Signing 憑證,您必須連同您的訂單提交憑證簽署要求 (CSR)。
為了保持安全,憑證必須使用 RSA 3072 位元或 ECC P-256 位或更大的金鑰。若要建立適用於您的要求的 CSR,請參閱您的 HSM 供應商的文件。
訂購您的 EV Code Signing 憑證
In CertCentral. in the left menu, hover over Request a Certificate and then under Code Signing Certificates, select EV Code Signing.
On the Request EV Code Signing Certificate page, in the For menu, select the division to manage the certificate.
The For menu only appears if your account uses Divisions.
憑證設定
有效期間
選擇憑證的有效期間:1 年、2 年或 3 年。
If needed, you can customize the expiration date or certificate length. However, you cannot exceed the 39-month maximum EV code signing certificate validity.
自動續訂
若要設定此憑證的續訂,請勾選在到期前 30 天自動續訂訂單。
啟用自動續訂後,將在憑證接近到期日時自動提交新憑證訂單。如果您的憑證在到期前還有剩餘時間,DigiCert 會將您目前憑證的剩餘時間加入您的新憑證中 (最多 39 個月)。
Important
If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 39 months).
Organization
組織
Select Add organization. The organization name will appear on the EV code signing certificate.
在下拉清單中,選擇您訂購 EV Code Signing 憑證所要用於的組織。組織名稱將出現在 EV 代碼簽署憑證上。
In the Add organization window, do one of the following:
Add an existing organization.
Select An existing organization.
In the menu, select the organization and then select Add.
If you choose an organization not validated for EV Code Signing certificates or if the organization's EV code signing validation has expired, DigiCert must validate the organization for EV code signing validation before we can issue your certificate.
Organization and technical contacts.
DigiCert automatically adds the contacts assigned to the organization to the request form. To see the organization and technical contacts, select Show organization contacts.
Verified contacts.
DigiCert automatically adds the assigned contacts to the request form if the organization has EV code signing verified contacts. To view, change selections, or add verified contacts, expand Verified contacts.
The Add contacts popup window opens if the organization has not assigned EV code signing verified contacts. In this window, you can add yourself, a user in your account, or a new contact as a verified contact. See Verified contacts below.
Add a new organization.
Select A new organization and select Next.
Under Organization address details, enter your organization's legal name, assumed name (optional), address, and phone number.
DigiCert must validate the organization for EV code signing validation before we can issue your certificate.
When ready, select Add.
Add an organization contact.
In the Add organization window, add yourself or someone else from your account, or create a new organization contact.
Important
The organization contact is whom we contact when validating the organization and verifying your authority to order a DigiCert certificate for the organization.
They may also receive the following notifications:
Order status updates for certificates requested for their organization.
Domain status updates for domains associated with their organization.
Add yourself as the organization contact.
Select Add me as the organization contact and then select Add or Next.
If we have all your information, you will select Add.
If we need more information, you will select Next, enter the missing information, and then select Add.
Add someone else as the organization contact.
Select Add someone else as the organization contact. Then in the Add contact menu, select the contact or user and then select Add or Next.
If we have the needed user information, you will select Add.
If we need more user information, you will select Next, enter the missing information, and then select Add.
Create new contact.
Select Add someone else as the organization contact.
In the Add contact menu, select Create new contact and then select Next.
Enter the needed user information and then select Add.
Technical contact for the organization (optional)
We may contact a technical contact for inquiries regarding certificate orders for the organization. They may receive the certificate lifecycle-related emails: certificate issued, reissued, and expiring.
Add yourself as the technical contact.
Select Add me as the technical contact for the organization and then select Add or Next.
If we have all your information, you will select Add.
If we need more information, you will select Next, enter the missing information, and then select Add.
Add someone else as the technical contact.
Select Add someone else as the technical contact for the organization. Then in the Add contact menu, select the contact or user and then select Add or Next.
If we have the needed user information, you will select Add.
If we need more user information, you will select Next, enter the missing information, and then select Add.
Create new contact.
Select Add someone else as the technical contact for the organization.
In the Add contact menu, select Create new contact and then select Next.
Enter the needed user information and then select Add.
Verified contacts
A verified contact must represent the organization included in your certificate request. At least one EV code signing verified contact is required.
To view, change selections, or add verified contacts, expand Verified contacts.
Select verified contacts.
If the organization has multiple EV code signing verified contacts, you can select who receives the EV code signing order approval email.
DigiCert sends the approval email to all selected, verified contacts, but only one needs to approve your order. Once the order is approved, DigiCert can issue your certificate. Selecting multiple verified contacts increases the likelihood of your order being approved quickly.
Add a verified contact.
When adding a new verified contact, we will contact the organization directly to verify the individual's name, email, phone number, job title, and authority. Only after DigiCert validates a verified contact can they approve EV code signing orders for the organization.
Add yourself as the verified contact.
Select Add me as a verified contact for the organization and then select Add or Next.
If we have all your information, you will select Add.
If we need more information, you will select Next, enter the missing information, and then select Add.
Add someone else as the verified contact.
Select Add someone else as the verified contact for the organization. Then in the Add contact menu, select the contact or user and then select Add or Next.
If we have the needed user information, you will select Add.
If we need more user information, you will select Next, enter the missing information, and then select Add.
Create new contact.
Select Add someone else as the verified contact for the organization.
In the Add contact menu, select Create new contact and then select Next.
Enter the needed information and then select Add.
其他電郵
輸入您想要收到憑證通知電郵的人員的電郵地址 (逗號分隔) ,例如憑證發行、憑證續訂等。
Depending on your account settings, your administrator may require you to include at least one additional email.
Additional certificate options
The information below is optional. None of it is required to issue your EV code signing certificate.
組織單位
新增組織單位是選用的操作。您可以將表格中的此方塊留白。
新增組織單位是選用的操作。您可以將表格中的此方塊留白。
建置選項
Provisioning options
The provisioning method refers to where you will store the private key and certificate. For the security of your EV Code Signing certificate, the certificate must be installed on and used from an approved device.
Select the storage device for your EV Code Signing certificate and its' private key.
DigiCert-provided hardware token (nonrefundable)
DigiCert ships a secure token with instructions for installing the certificate on your token. So you can start signing code.
Then, under Shipping address, add your shipping information: your name and the address where you want us to send the hardware token.
Use existing token
After DigiCert issues your EV code signing certificate, install the certificate on your token.
In the Platform menu, select the type of hardware token on which you plan to install your EV Code Signing certificate:
SafeNet eToken 5110 CC (940) for RSA 4096-bit and ECC P-256-bit or higher key certificates.
SafeNet eToken 5110 FIPS for ECC P-256 and P-384-bit key certificates.
SafeNet eToken 5110+ FIPS for RSA 4096-bit and ECC P-256-bit or higher key certificates.
SafeNet eToken 5110+ CC (940B) for ECC P-256-bit key certificates.
Important
You must have a FIPS 140-2 Level 2 or Common Criteria EAL4+ compliant device listed above. You cannot install the certificate on any device not on the list.
Need an approved token?
Please select DigiCert-provided hardware token to have a token shipped to you. If you have questions, please contact DigiCert Support.
Install on HSM
After DigiCert issues your EV code signing certificate, install it on the HSM where you generated the private key and CSR.
Select Yes under Was the private key generated by a Common Criteria EAL4+ standard or FIPS 140-2 level 2 HSM?
Note that we will send the certificate requestor an agreement email. This email ensures the private key is stored on an HSM certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. DigiCert will only issue the certificate after the requester agrees to the private key protection requirement.
Important
You must have a FIPS 140-2 Level 2 or Common Criteria EAL4+, or equivalent hardware security module (HSM) that supports at least 3072-bit keys.
Don't have a compatible HSM?
Please select a different provisioning method. If you have questions, please contact DigiCert Support.
DigiCert KeyLocker (Cloud HSM)
KeyLocker is an automated cloud storage service where you can store your private key and code signing certificate. Access them anytime from anywhere to sign your code. Learn more.
DigiCert also offers Software Trust Manager, an enterprise-level code signing solution. Contact your account representative to determine if your organization could benefit from Software Trust Manager. Learn more.
Additional order options
The information below is optional. None of it is required to issue your certificate.
Comments to Administrator (optional)
Enter any information your administrator might need for approving your request, about the purpose of the certificate, etc.
其他續訂訊息
若要建立此憑證的續訂訊息,請輸入與憑證的續訂有關的資訊的續訂訊息。
付款資訊
選取付款方法
在付款資訊下,選取支付憑證費用的付款方法:
信用卡付款
沒有合約,或不想要用合約支付此憑證的費用嗎?使用信用卡支付憑證費用。
我們授權在做出要求時的卡片。但我們只能在發行您的憑證後完成交易。
如果您已啟用合約,請勾選從合約條款中排除。
於帳戶餘額中扣除
沒有合約,或不想要用合約支付此憑證的費用嗎?向您的帳戶餘額收取款項。
若要存入資金,請按一下存款連結。此連結將您帶到您的 CertCentral 帳戶內的其他頁面。在申請表中輸入的任何資訊都不會儲存。
如果您已啟用合約,請勾選從合約條款中排除。
以合約條款支付
有合約且想要用合約支付憑證的費用嗎?當您有合約時,這是預設的付款方法。
憑證服務合約
閱讀整份合約,然後勾選我同意憑證服務合約。
按一下提交憑證要求。
Selecting Submit Certificate Request also means you agree to all the terms and conditions in the Master Services Agreement.
下一步是什麼
DigiCert recommends that developers take precautions with the code signing process and protect the private key associated with their signing certificate. See Protect private keys: Code signing best practices.