Code Signing Certificates enable software developers to digitally sign software and macros for secure delivery over the Internet. The step by step instructions below provide a general overview of the enrollment process. For commercial organizations, the verification process in step 3 may take 3 to 5 business days to complete.
Step 1: Download Signing Tools
The software development kit (SDK) for the browser or OS platform that your code target contains signing tools. Download the appropriate signing tools to your development computer. If you are using Sun Java Signing, you will need to generate a Certificate Signing Request (CSR) to use during the enrollment process.
If your vendor is not listed, go directly to their site to download the signing tools.
Digital ID for Microsoft Authenticode
Digital ID for Netscape-Object Signing
Digital ID for Microsoft Office and VBA-Signing
Digital ID for Sun Java Signature
Digital ID for Macromedia Shockwave
Step 2: Order Token IDs
ChosenSecurity offers Token IDs which can be redeemed for VeriSign Code Signing certificates during the online enrollment. Please purchase the Token IDs at ChosenSecurity prior to online enrollment.
You can order Token IDs per application form or by phone at 1.866.468.2180 (Sales). ChosenSecurity will verify the information on your application form, issue the invoice to you and grant you a valid token number after the settlement of payment in the coming days.
Step 3: Enrollment
Identify the Code Signing Certificate for your target browser or OS platform. Code Signing certificates are available for Microsoft Authenticode, Netscape Object Signing, Microsoft Office and VBA Signing, Sun Java Signing, Macromedia Shockwave, and Marimba Castanet Channel Signing.
Before conducting online enrollment, please make sure you have:
a) obtained a valid Token ID from ChosenSecurity
b) generated the CSR (Certificate Signing Request) file of your server, if you are applying Java Signing Digital ID
To begin the enrollment process for a Code Signing Certificate you can go to the certificate order page.
Conduct the 7-step VeriSign online enrollment by selecting the button of relevant type of Code Signing Certificate.
At the 1st step “Select certificate options” you have to make sure the 1 year validity period is selected according to the purchased TokenID.
When coming to the 5th step “Enter Payment information” just click on the token ID box and then paste the Token ID number provided by ChosenSecurity.
On completion of the online enrollment by clicking the "Accept and Purchase", you will be asked to generate a private key and stored as a *.pvk file for Microsoft Authenticode Code Signing Certificate.
Note: Please store a copy of the private key in a secure place with password protection. It is for emergency, such a system crash, etc.
Print and keep your online order confirmation. Note: Your order number, common name (the enrolled Company Name) and the coming serial number on your certificate are major identifications of your certificate for future reference.
VeriSign support team will contact you by email in the coming days for further verification before issuing your certificate.
Step 4: Begin Using
After your enrollment procedure & generation of key pairs, VeriSign will verify your identity by checking your documentation, you will be issued a certificate, including your full organizational name and your public key.
When your certificate is approved and issued, you will be alerted by e-mail either containing the certificate or directing you to a URL where you will be able to access your certificate online.
Use the tools supplied by your software vendor to sign applets, plug-ins, or macros with your certificate [see your software documentation]. When your signed object and files are downloaded, they contain a copy of your certificate so that recipients are able to identify you as the author.
Post your signed code or software on your site so that customers can purchase and download them as normal.
Customers download your applet, code object or macro. Their browser verifies the signature on the code.
The customer is able to view the certificate in order to identify the developer who wrote the code. This increases consumer confidence and, if need be, gives the customer the appropriate ability to contact the developer.
Related Information
Code Signing Intermediate CA Certificate
This Intermediate is used with the VeriSign Code Signing Digital ID’s. This Intermediate is sent with the Digital ID issuance email, however it is available for download if needed.
Procedures for the Certificate Revocation List
When a customer or VeriSign revokes a Code Signing ID for security reasons, the Digital ID is published on a publicly accessible Certificate Revocation List (CRL). If a user tries to download code signed with the revoked Digital ID, they will receive an error message. They can check the CRL to find out why the Digital ID was revoked and take appropriate action.