Code Signing Frequently Asked Questions
A code signing certificate is strongly recommended for any publisher intending to distribute code or other content over the Internet or over corporate networks. Use of code signing certificates may help enhance a publisher's reputation.
Code signing certificates are valid for one, two, or three years depending on which duration was specified when the certificate was purchased.
No. Code signing certificates are only used to verify the publisher who signed the content and that the content has not been altered or corrupted.
Time stamping ensures that signed code will not expire when the code signing certificate expires. Signed code which has been time stamped is valid, even after the code signing certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code whenever the code signing certificate changes due to re-keying or renewal.
- Windows - Use the SignTool.exe utility included with the Windows SDK to verify the presence of a time stamp in code which has been signed. http://msdn.microsoft.com/en-us/library/aa387764(VS.85).aspx
- Java - Use JarSigner.exe included as part of the JDK which is available here.
No. Unlike some of our competitors, we do not limit the number of time stamp requests which can be issued by a single code signing certificate.
Is there a limit to the number of applications allowed to be signed with a code signing certificate?
No. You are not limited to any specific number. You can sign as many applications or other content with a code signing certificate as you wish, provided that the applications are going to be used for and distributed by the organization that owns the certificate.
No. Only businesses whose identity can be verified via various state or federal governmental agencies can be issued a code signing certificate.
Yes. Windows Vista devices require a Driver Signing certificate which we currently offer.
Yes. Complete documentation will be added to our website at later time.
What settings should be enabled in Internet Explorer to allow a user to receive the certificate pop-up on downloaded content?
In order to receive the certificate pop-up when the file is downloaded, you will need to enable the feature.
Enable Check for Signatures
Open the Tools menu in Internet Explorer and click Internet Options. Click the Advanced tab.
Scroll to the bottom and verify that the option Check for signatures on downloaded programs is checked in the Security section.
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store?
For Windows XP, everything is automatic. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here.