Sep 8, 2025
OVERVIEW: This page outlines everything you need to know about GlobalSign Code Signing Certificate. For certificate installation instructions, please refer to this guide. Can't find what you're looking for? Get in touch for assistance. |
GENERAL INFORMATION
WHAT IS A CODE SIGNING CERTIFICATE?
WHAT IS THE DIFFERENCE BETWEEN STANDARD AND EXTENDED CERTIFICATES?
WHAT IS THE MINIMUM REQUIREMENTS FOR CODE SIGNING CERTIFICATES?
CERTIFICATE MANAGEMENT
CAN I USE THE SAME CERTIFICATE ON MULTIPLE COMPUTERS?
CAN I SIGN A FILE REMOTELY?
HOW TO ENABLE SINGLE SIGN-ON?
CODE SIGNING USING GLOBALSIGN'S CODESIGNING CERTIFICATE
DO DIFFERENT PLATFORMS HAVE DIFFERENT REQUIREMENTS FOR SIGNING CODE?
WHAT ARE THE REQUIREMENTS FOR SIGNING CODE FOR WINDOWS?
ARE THERE ANY ADDITIONAL REQUIREMENTS FOR WINDOWS CODE SIGNING?
DO I NEED TO SIGN ALL DLLS INCLUDED IN MY APPLICATION?
WHAT UTILITIES ARE REQUIRED TO SIGN FILES?
Standard Code Signing Certificates undergo standard organization validation. EV Code Signing Certificates undergo strict Extended Validation vetting requirements set by the CA/B Forum. EV Code Signing Certificates are required to access the Windows Hardware Developer Center Dashboard Portal through which all kernel-mode drivers targeting Windows 10 (Build 1607 and later) must be signed
What is the minimum requirements for Code Signing Certificates?The Minimum Requirements specify that CAs shall ensure stronger protection for private keys. All EV Code Signing Certificates, will require a USB token. All New and Renewal EV Code Signing orders will require a USB token to store the Certificate and protect the private key. Also, all standard Code Signing products - except for EV Code Signing - will be integrated to one “multi-platform” Code Signing Certificate. To learn more about the Code Signing minimum requirements, please refer to this page. |
To order, renew and reissue your GlobalSign Certificate, please refer to this page. For Certificate installation, please see this page.
Both the Standard Code Signing Certificates and EV Code Signing Certificates cannot be accessed through Remote Desktop (RDP). The USB token must be plugged in to the local computer. Note: Signing a file remotely will depend on the key storage. A local USB token can be used to sign a file on a remote machine but a remote USB Token cannot be used for signing at all.
To start signing code using GlobalSign's CodeSigning Certificate, please refer to this page.
The requirements for Windows code signing will vary depending on which version(s) of Windows you are targeting and what type of code you are signing. Microsoft has different requirements for code that will run in user-mode versus code that will run in kernel-mode.
Code that runs in user-mode can use Certificates that chain back to a trusted CA, such as GlobalSign. For kernel-mode signing, the Certificate chain must terminate at Microsoft's Root CA. To accomplish this, GlobalSign provides a Cross-Certificate that allows our Code Signing Certificates to chain back to Microsoft's Root CA and be trusted for kernel-mode signing.
Windows (all versions) has an additional requirement. Kernel-mode drivers must be signed by the Windows Hardware Developer Center Dashboard Portal which requires an EV Code Signing Certificate to access.
Are there any additional requirements for Windows code signing?Another factor is the signature algorithm used to sign your Certificate as well as the signature algorithm used to sign code. For more specifics on these requirements, view our Windows Code Signing Hash Algorithm Support article. Note: Starting January 26, 2021, GlobalSign will no longer offer SHA-1 Authenticode and CodeSign Timestamping services. |
Windows does not check signatures on DLLs when loaded by an executable. There are exceptions to this such as DRM-related DLLs, and all modules on WindowsRT/ARM. If those scenarios do not apply, it is not necessary to sign the DLLs, however a reason to sign each DLL is to run an integrity check each time your application launches.
What utilities are generally required to sign files?Windows: |
Check your certificate installation for SSL issues and vulnerabilities.