Symantec Code Signing Certificate FAQ

Symantec Code Signing Certificate


 

What is Symantec code signing and why do I need it? 

Symantec Code Signing creates a digital "shrink-wrap" that shows customers the identity of the company responsible for the code and confirms that it has not been modified since the signature was applied. In traditional software sales, a buyer can confirm the source of the application and its integrity by examining the packaging. Increasingly, customers download applications online, install plug-ins and add-ins, and interact with sophisticated Web-based applications. They risk compromising their security and the functionality of existing systems if they download malicious or faulty code. Symantec Code Signing protects your brand and your intellectual property by making your applications identifiable and harder to falsify or damage with a digital signature.

[ Back to Top ]

 

Which Symantec Code Signing Certificate do I need?

Code and content signing is based on public key cryptography. A developer or software publisher uses a private key to add a digital signature to code or content. Software platforms and applications use a public key to decrypt the signature during download and compares the hash used to sign the application against the hash of the downloaded application. Signed code from a trusted source may be automatically accepted or a security warning may require the end user to view the signature information and decide whether or not to trust the code.

[ Back to Top ]

 

Are Code Signing Certificates available for individiual developers?

Yes. Code signing certificates are available for individual developers who are not affiliated with an incorporated business. Select the appropriate code signing certificate for your development platform. In the publisher name field on the sign up form simply put your name down for the publisher.

[ Back to Top ]

 

How does a Symantec Code Signing Certificate work?

Code and content signing is based on public key cryptography. A developer or software publisher uses a private key to add a digital signature to code or content. Software platforms and applications use a public key to decrypt the signature during download and compares the hash used to sign the application against the hash of the downloaded application. Signed code from a trusted source may be automatically accepted or a security warning may require the end user to view the signature information and decide whether or not to trust the code.

[ Back to Top ]

 

How long does it take to purchase a Symantec Code Signing Certificate?

During the Symantec code signing enrollment process, Symantec will collect information about you and your company for authentication. The validation process may take a few hours or several days, depending on the information you provide and how easily it can be verified. You have the option to pay by credit card, PayPal, check or wire transfer. We must receive payment before delivering your certificate, payment by credit card or PayPal speeds delivery. Review the Symantec Code Signing Certificate enrollment process:

Microsoft Authenticode
Java
Microsoft Office / VBA
Adobe AIR

[ Back to Top ]

 

How long does a digital signature last?

Every Symantec Code Signing Certificate is purchased with a specific validity period. The digital certificate can be used to sign code as frequently as needed during that validity period. When the digital certificate expires, all digital signatures that depend on that digital certificate expire also unless the signature includes a time stamp. A timestamp option shows when code was signed, allowing customers to verify that the Code Signing Certificate was valid at the time of the digital signature.

[ Back to Top ]

 

Can I install the Symantec Code Signing Certificate on more than one PC?

You can use a Symantec Code Signing Certificate on any computer once it is retrieved. However, you must buy and retrieve your Code Signing Certificate from the same computer. If you have problems with retrieval, confirm that you are using the same computer, browser, and log-in profile used to enroll. Symantec recommends that developers purchase additional Code Signing Certificates rather than sharing certificates for better security and management. If a certificate becomes compromised and must be revoked, then all applications signed by the single certificate will be disabled.

[ Back to Top ]

 

How does someone know they can trust my signature?

Simply signing your code ensures that it has not been tampered with and that it comes from you, but does not verify who you are. A third-party CA is more trusted than a self-signed certificate because the certificate requester had to go through a vetting or authentication process. When software platforms and applications verify a digital signature, they access a "root" certificate to determine whether or not to trust the CA that issued the certificate. It is possible to self-sign your code, but then you have to make sure that anyone accessing the code has access to your Root Certificate or your self-signed application will remain unidentifiable. Because Symantec Root Certificates come pre-installed on most devices and embedded in most applications, digital signatures from Symantec are almost always trusted, reducing warnings and error messages.

[ Back to Top ]

 

How many Symantec Code Signing Certificates do I need?

Symantec recommends that developers purchase additional Code Signing Certificates rather than sharing certificates for better security and management. If a certificate becomes compromised and must be revoked then all applications signed by the single certificate will be disabled. For ease of use, Symantec recommends buying a Code Signing Certificate for each developer platform. You could use a Code Signing Certificate for one platform to sign code for others. However, different platforms require the certificates in different formats. To use a certificate across platforms requires a conversion process using additional utilities.

[ Back to Top ]

 

What if I lose my private key or it becomes compromised?

If your private key is lost or compromised or if your information changes, you should revoke your Symantec Code Signing Certificate immediately and replace it with a new certificate.

[ Back to Top ]

 

Do I need to sign all the files within the cab file or just the cab file?

For Microsoft Windows applications, developers only need to sign the .cab file using the appropriate Symantec Code Signing Certificate. For Windows Mobile applications, all executables within the .cab file must be signed. The Symantec Flexible Signing Account automatically signs all of the contained executables when the .cab file is signed.

[ Back to Top ]

 

What Symantec Code Signing Certificate should I use for Netscape Object Signing?

Symantec no longer offers a Code Signing Certificate for Netscape because Netscape discontinued the signing tools and support for Netscape 4.x browsers. To digitally sign files for Netscape Object Signing, purchase a Symantec Code Signing Certificate for Java.

[ Back to Top ]

 

$405
1 year
$705
2 year
$985
3 year
Buy 
Symantec Code Signing Certificate

Search Our Site

Loading

Code Signing Certificates

Symantec Code Signing Certificates


Thawte Code Signing Certificates

Code Signing Certificates 
Promotion Codes


SSL Certificates

Symantec SSL Certificates

RapidSSL SSL Certificates

Thawte SSL Certificates

GeoTrust SSL Certificates