Menu

Download and Install Code Signing Certificate

Jun 24, 2025

OVERVIEW: This page walks you through the process of downloading and installing your GlobalSign Code Signing Certificate using the installation and key generation methods you selected. At the completion of this procedure, your Certificate will be ready to place signatures on drivers, executables, and other files. Learn more about Code Signing Certificate management and other FAQs here

Menu Option

During ordering, you were given an option to choose the implementation method (Token or HSM) you prefer for your Code Signing certificate. Based on your selection, install your GlobalSign Code Signing Certificate with the following guidelines: 

Token-based Installation

IMPORTANT: GlobalSign-provided eToken is mailed to you upon ordering GlobalSign's Code Signing Certificate. The minimum required supported key size of the eToken for Code Signing certificate is 4096 bits. Ensure that you have your eToken handy before proceeding with the process. This implementation has two key generation methods: Enrollment with Fortify and Download using Internet Explorer (IE) Compatibility Mode. 

 

Install Code Signing Certificate Using Microsoft Edge in IE Compatibility Mode

IMPORTANT: If you selected the Enrollment with Fortify as key generation method during the ordering process, proceed with install your certificate using Fortify. Otherwise, you need to cancel your current order and reorder to change your selection. 

Prerequisites

  1. Approved and vetted GlobalSign Code Signing Certificate.

  2. GlobalSign-provided SafeNet eToken. Depending on your need, do the following actions:

    For New Orders
    • Download and install SafeNet Authentication Client drivers.
    • Initialize SafeNet eToken. This is a requirement when setting up the SafeNet eToken for the first time. 

    For Renewals and Reissues
    • You may still use compatible and existing SafeNet eTokens as long as it meets the required supported key size.

    IMPORTANT: If the supported key size of your current token is not compatible with code signing, request for a new token during the renewal/reissuing process. 


    • If your eToken is still compatible and you do not want to make any changes with your current token password, initializing your eToken is not required. You may proceed with the guidelines. 

    WARNINGInitializing your eToken will delete all certificates currently installed there and they will have to be reissued and installed again.              

  3. For Certificate pickup, you must have access to a Windows PC to proceed. Once the Certificate is installed and stored in the removable device, you may sign from other platforms such as OS X. You are also required to open the pickup link in Microsoft Edge with IE Compatibility Mode enabled, then continue with the guidelines.

IMPORTANT: Standard Code Signing Certificate is now issued of R45 Intermediate Certificate and you may need to include the R3-R45 Cross Certificate 

Guidelines

  1. Open the Certificate Download Ready email and launch the pickup link using Microsoft Edge with IE Compatibility enabled

  2. Enter the Temporary Pickup Password that was set at the time of ordering and click Next to continue. 

    Capture_01a.jpg

  3. In the Web Access Confirmation prompt, click Yes to allow digital certificate operations. 

  4. In the Install Certificate window, choose one from the Cryptographic Service Provider drop-down options:

    • If you want to install the GlobalSign-provider SafeNet eToken, select eToken Base Cryptographic Provider
    • If you want to install a private-owned smart card, select Microsoft Base Smart Card Crypto Provider

    Then, tick the box to agree to the subscriber agreement and click Next. 

    Capture_4.jpg

  5. Insert your SafeNet USB token into your computer.

  6. Enter the password for your USB token. This was set during the initialization process, then click OK.

    safenet.png

    WARNING: The screen may appear to freeze for a minute or two. DO NOT press any button on your browser until the process is complete as it will interrupt the progress. There should be a blinking light from your eToken and a message in the screen reminding to wait for a while. 
  7. Once the token has finished the keypair generation, click the button to Install My Certificate.

    Capture_7.jpg
  8. In the Web Access Confirmation prompt, click Yes to allow digital certificate operations. 

    Capture_8.jpg
  9. Click OK to complete the process. 

    success.png
  10. You are now ready to use your certificate.

 

 

Install Code Signing Certificate Using Fortify

IMPORTANT: If you selected the Download using Internet Explorer (IE) Compatibility Mode as key generation method during the ordering process, proceed with install certificate using Microsoft Edge in IE Compatibility Mode. Otherwise, you need to cancel your current order and reorder to change your selection.

Prerequisites

  1. Approved and vetted GlobalSign Code Signing Certificate.

  2. GlobalSign-provided SafeNet eToken. See eToken related prerequisites above.

  3. Downloaded and installed Fortify App in your operating system. Ensure that you meet the following system requirements: 

    • Browsers supported by Fortify: Microsoft Edge, Safari, Firefox and Chrome
    • OS supported by Fortify: MAC OS 10.12 or higher, Windows 7 or higher, and Ubuntu 16.04 or higher

  4. For Certificate pickup, you must have access to a Windows PC to proceed. Once the Certificate is installed and stored in the removable device, you may sign from other platforms such as OS X.

IMPORTANT: Standard Code Signing Certificate is now issued of R45 Intermediate Certificate and you may need to include the R3-R45 Cross Certificate.  

 Guidelines

  1. Open the Certificate Download Ready email and launch the pickup link using any browser. 
  2. Enter the Temporary Pickup Password that was set at the time of ordering and click Next to continue. 

  3. Tick I agree to the terms above box, then click Next

  4. A pop-up window for the authorization of code will appear on the Access Permission and on Fortify Authorization. If the both codes matched, click Approve to continue. 

  5. In the Create Certificate Request or Self-Signed Certificate window, review the DN or Certificate Identity Detail Information. Then, click Create to continue. Note: If you haven't yet, make sure that your eToken is plugged in to your computer at this point. 

  6. A pop-up window will appear, then enter the token passwordNote: Please wait for a while as it will take a few seconds to process. 

  7. On the Install Certificate window, under Select Provider, select the token that you setup (as a prerequisite). Then, click Start to proceed. 

  8. Once Certificate is successfully installed on the token (or local certificate store), a pop-up confirmation window will appear. Click on OK
  9. You are now ready to use your certificate.

 

HSM-based Installation

IMPORTANT: For HSM-based installation, FIPS 140-2 Level 2 compliant is the required HSM to use to generate the CSR and private key for EV Code Signing certificate. The CSR should be created with a key size of 4096 bit or greater. You will be prompted to provide the CSR during the certificate pick up process.

Prerequisites

  1. Approved and vetted GlobalSign Code Signing Certificate.

  2. Internal or external audit letter will be required stating that the subscriber will be using compliant HSMs for EV CodeSigning Certificates.

  3. For Certificate pickup, you must have access to a Windows PC. Once the Certificate is installed, you may sign from other platforms such as OS X.

Guidelines

  1. Open the Certificate Download Ready email and launch the pickup link using any available browser. 
  2. Enter the Temporary Pickup Password that was set at the time of ordering and click Next to continue. 

  3. Enter your CSR on the Enter CSR Required box. Then, tick I Agree to the subscriber Agreement and click Next to proceed. 
    Note: Paste the CSR generated on the HSM which is FIPS 140-2 Level 2 compliant.

  4. Download your Digital Certificate and Intermediate Certificates.

  5. Import the Certificate into your HSM.
     

    IMPORTANT: These Certificates will match the private key used to generate the CSR submitted during the ordering process, for information on how to import these Certificates on your HSM, please consult your HSM vendors instructions.
  6. You are now ready to use your certificate.

Related Articles

Code Signing Best Practices

Mar 2, 2020, 6:33 AM

GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.

Read More

Ordering an EV Code Signing Certificate (HSM-Based)

Mar 2, 2020, 6:51 AM

The following article will walk you through the ordering process of an EV Code Signing Certificate (HSM-Based). If this is not the solution you are looking for, please search for the solution in the search bar above.

Read More

Download and Install Code Signing Certificate (HSM-Based)

Mar 2, 2020, 7:10 AM

This page walks you through the process of downloading and installing you GlobalSign Code Signing Certificate using HSM. At the completion of this procedure, your Certificate will be ready to place signatures on drivers, executables, and other files.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support