The Digicert Certificate Utility is probably one of the best certificate management tool out on the net.
A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing.
Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it.
Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. jre and Adobe Air.
- Sign or re-sign code or software
- Create a CSR from your system (optional)
- Sign applications with a single click
- Sign drivers and other system files
- Verify signed applications
- Time stamp applications
- Repair private key errors
- Automate application signing
Things to know:
- The Digicert Certificate Utility Code Signing Automatically refers to Microsoft user account certificate stores on the system. Some Certificate Authorities (CA) will use or request you to use a particular browser for the enrollment of a code signing certificate for Automatic CSR generation..
- Some Organizations due to firewall restrictions may not allow a users browser to make this callout to the CA for the Automatic CSR generation and result in a failed enrollment. As a work around you can generate your own CSR and submit the self generated CSR to the CA in a CSR field they provide.
- The Digicert Certificate Utility for Code Signing has the ability to generate a CSR on the Windows system where the Utility is installed on. bypassing any issues with CSR generation or Firewall restrictions.
- If you use the utility to generate a CSR for code signing then once the certificate is issued you will have to import your code signing certificate using the utility to successfully configure your code signing certificate for signing, exporting as pfx, etc..
This article covers CSR generation and Importing the Code Signing Certificate after it has been issued from the CA.
Downloading and Installing The Digicert Certificate Utility.
- On your Windows server or workstation, download and save the Digicert Certificate Utility for Windows executable (DigiCertUtil.exe).
- Run the Digicert Certificate Utility for Windows by Double-click DigiCertUtil.
How To Generate a CSR for Code Signing:
To generate a CSR to get a Code Signing Certificate perform the following.
- Run the Digicert Certificate Utility by Double-clicking the DigicertUtil.exe.
- In the Digicert Certificate Utility, Click Code Signing.
- Click Create CSR.
- In the Create CSR window under Certificate Type, select Code Signing.
- In the Certificate Details fill out the following fields:
- Common Name: Enter the legal name of your Organization.
(Code signing certificates are issued to organizations names and not website like SSL) Example. Acmetek Global Solutions Inc. - Organization: Repeat the legal name of your organization again.
- Department (optional): Enter the sub team or organizational unit that this code signing certificate pertains to. Examples: Marketing, Mobile gaming, SSL Support Desk, Java code, etc..
- City: Legal corporate headquarters. Example Boston.
- State: Enter the state or province where your legal corporate headquarters is located.
Note: The state your organization is located in or if you’re creating a CSR for a location outside of the USA, you can enter anything into the list. It will accept any state name you type. - Country: From the drop down menu select the county.
- Keysize: Any will do. (Leave at default).
- Provider: Leave at default.
- Common Name: Enter the legal name of your Organization.
- When everything is filled and looking pretty click Generate.
- You will get another window that will display your Code Signing CSR request copy the text, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags, and paste it into the your CA order form.
- When you are done, click Close.
Congrats you have just created you have just generate your CSR. During the enrollment of your Code Signing Certificate the CA should provide you with a field to paste this CSR into.
After the Code signing gets issued you will then Import your Code Signing Certificate back into the utility.
To know the code signing certificate installation process, read this article- Install Your New Code Signing Certificate Into The Digicert Certificate Utility