Skip to main content

Request code signing certificate

Important

As of February 24, 2026, the maximum validity for public code signing and EV code signing certificates is 459 days. DigiCert no longer issues 2 or 3-year public code signing certificates.

Use these steps to request a Code Signing or EV Code Signing certificate in CertCentral. Code signing certificates verify software publisher identity and confirm that code has not been modified since it was signed.

Notice

For Subscription accounts, request DV certificates through your active subscription. In the CertCentral menu, go to My digital trust products > My subscription. Find the relevant subscription and select Actions > Request a certificate. See Request a code signing certificate from a CertCentral subscription.

This procedure applies to Enterprise, Partner, and Legacy accounts.

Before you begin

  • The organization must be active and validated for code signing in your account.

    • For Code Signing certificates, the required validation type is CS — Code Signing Organization Validation.

    • For EV Code Signing certificates, the required validation type is EV CS — Code Signing Organization Extended Validation.

  • A validated verified contact must be available to approve the code signing certificate order.

  • All code signing private keys must be stored on hardware certified to FIPS 140-2 Level 2, Common Criteria EAL 4+, or equivalent. For HSM provisioning, generate the private key on the HSM before submitting your order. See Protect private keys and Code signing provisioning methods.

  • For Code Signing certificates only: if adding a subject email address to the certificate, the email domain must be validated and assigned to the organization in your account.

Start a certificate request

  1. In the CertCentral main menu, go to Certificates > Request certificate.

  2. Select Code Signing certificate or EV Code Signing certificate.

Enter certificate details

  1. Enter the required certificate subject information.

  2. Under Validity period, select the validity period. The maximum validity period for code signing and EV code signing certificates is 459 days.

  3. Select the signature hash algorithm if applicable.

  4. Under Provisioning options, select a provisioning method. See Code signing provisioning methods for the full list of options and their requirements.

  5. IOptional) For Code Signing certificates only: to add a subject email address, enter the email username and select the validated domain from the Email domain menu.

  6. To set up automatic renewal, select Auto-renew order 30 days before expiration. Auto-renewal is not available with credit card payments.

Select or add the organization

  1. Select an existing validated organization from the list.

  2. If the organization is not listed, select Add organization and complete the organization details.

If the organization has not been validated for code signing, DigiCert must complete code signing validation before issuance.

Add or confirm verified contacts

A verified contact must approve code signing certificate orders before DigiCert issues the certificate.

  1. Under Verified Contacts, select an existing contact or add a new contact.

  2. Select CS for standard Code Signing or EV CS for EV Code Signing as the certificate type the contact can approve.

  3. Submit the verified contact for validation if required.

DigiCert​​®​​ must validate the verified contact before the contact can approve certificate orders.

Submit the request

  1. Review the order details.

  2. Select the payment method.

  3. Read and accept the Certificate Services Agreement.

  4. Select Submit.

After submission, DigiCert sends an approval email to all selected verified contacts. DigiCert also contacts a verified phone number for the organization to confirm authority to order. This call typically occurs within 24 hours of submission.

The order remains pending until organization validation is complete and a verified contact approves the request. After both are complete, DigiCert issues the certificate. Post-issuance steps depend on the provisioning method selected.

Notice

Post-issuance steps depend on your provisioning method:

  • DigiCert-provided hardware token: DigiCert installs the certificate on the token and ships it to the address provided during the request.

  • Own supported hardware token: Download the certificate from your CertCentral account and install it on your token.

  • HSM: Download the certificate from your CertCentral account and install it on the HSM. See Download a code signing certificate.

  • DigiCert KeyLocker: Access the certificate in DigiCert KeyLocker. See the KeyLocker documentation.

Related topics

What's next

Manage pending orders to monitor the status of your submitted request and complete any outstanding validation steps

: