Code Signing Certificate FAQs

General Information ID:    INFO1119    Updated:    09/13/2016

Description

Which type of Code Signing certificate should I request?  

Please click here to view the different Code Signing certificate types.


Is a Code Signing certificate tied to my domain name?

No, a Code Signing certificate is tied to your Organization Name only. The Common Name you are prompted for is required by our system in order for the request to be accepted, but we will replace it in our system with the Organization Name you have entered in your CSR so that the correct details will be displayed when the signature on the code is viewed.


How long can I use a Code Signing certificate for?

Code Signing certificates are valid for 1 to 3 years depending on which life cycle you choose when you purchase the certificate. For pricing information, click here. You should also timestamp your signed code to avoid your code expiring when your certificate expires.


Is timestamped code valid after a Code Signing Certificate expires?

Thawte timestamp services allow you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the system validates the timestamp. If you use the timestamping service when signing code, a hash of your code is sent to the timestamp server to record a timestamp for your code. A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code that was signed with a Certificate that was valid at the time the code was signed but which has subsequently expired.

Please specify the timestamp server url you need when you sign your code. Thawte provides you with both a SHA-1 and SHA-256 RFC 3161 timestamping URLs.

The timestamp server validates the date and the time that the file was signed therefore the certificate can expire but the signature will be valid for as long as the file is in production. A new certificate is only necessary if you want to sign additional code or re-sign code that has been modified.

If you do not use the timestamping option during the signing, you must re-sign your code and re-send it out to your customers.

To verify if your file has been timestamped, you can use the verifying commands provided in our knowledge base articles. The date and time will be displayed when the file has been timestamped. No dates or a warning will appear when the file has NOT been timestamped.

Please sign and timestamp your code using the instructions provided in the following Solution: SO2706


How can I timestamp VBA projects?

Instructions for timestamping VBA code, are located in the following solution: SO7492


Is there a limit to the number of applications that are allowed to be signed with a Code Signing Certificate?

No, Thawte does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are used for and distributed by the organization that owns the certificate.


Which browsers are supported by Thawte Code Signing Certificates?

For enrollment requirements please see solution INFO3759.


Are Thawte Code Signing Certificates chained? 

Yes, the Thawte Code Signing Certificates are chained. The Code Signing Certificates are signed by the Thawte Code Signing CA Intermediate Certificate which is chained to the Thawte Primary Root CA certificate.


Developer Code-Signing Technology

Whenever an application attempts to access your system, it has the potential to do anything, be it expected, or unexpected. To safeguard users, any code seeking additional privileges must be signed. The certificate displayed, identifies the developer or organization deploying that code. The signature also prevents the code being 'tampered' with, and redeployed.


Getting a Developer Code-Signing Certificate

The required files are created by your browser during the enrollment process (except in the case of a JavaSoft Certificate) and our verification team then sets about verifying the details contained in the certificate request submitted to us once the enrolment has been completed. As soon as the details have been verified completely you are issued with a Thawte Code Signing certificate which is tied to your Organization.


Thawte Developer Support

Thawte is a trusted certificate provider. We do not make or support any software. We are more than happy to help wherever certificates are used, however, in the case of software specific issues, we may not always be able to help. The best people to contact will always be your software vendor.
 

Find Answers


Search Tips

Languages

This article is available in the following languages: