Certum Open Source Code Signing
A Certum Open Source Code Signing certificate shows your customers, and anyone installing your software, that a genuine developer built it. It is intended for developers working under Open Source licenses.
This code-signing certificate is affordable and meets the requirements set by the regulatory bodies. In addition, you can maintain the software's integrity and make your application safer for users to download and install.
Process
Buying Code Signing Cert
Select a reputable Certificate Authority (CA) like Sectigo, Certum and DigiCert when purchasing a code signing certificate. Decide between a standard or extended validation (EV) certificate, with EV offering higher security. Prepare necessary documentation for identity verification, including government-issued ID and incorporation documents. Generate a Certificate Signing Request (CSR) using tools like OpenSSL. Submit your application to the CA with the CSR and required documents. The CA will issue your certificate after validation, which is quicker for standard and lengthier for EV certificates. Install it to sign your code, ensuring its integrity and authenticity and building user trust. Safeguard your private key and monitor for misuse, renewing the certificate before it expires.
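The CSR step above, as an added example (not taken from Certum's or any CA's documentation): it generates a 3072-bit RSA key and a SHA-256 CSR with OpenSSL, then checks the pair before submission. The file names, the subject string and the function names `make_csr` and `check_csr` are constructed for illustration.

```shell
#!/bin/sh
# Added example: create a code-signing key and CSR, then check both
# before sending the CSR to a CA. File names are constructed placeholders.

make_csr() {   # $1 = output directory, $2 = subject in OpenSSL -subj syntax
    # Subshell keeps the restrictive umask local; key is owner-readable only.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
          -out "$1/codesign.key" 2>/dev/null ) || return 1
    # The key is written unencrypted here so the example runs unattended;
    # add "-aes-256-cbc" to genpkey to passphrase-protect it in real use.
    openssl req -new -sha256 -key "$1/codesign.key" \
        -subj "$2" -out "$1/codesign.csr" 2>/dev/null
}

check_csr() {  # $1 = directory holding codesign.key and codesign.csr
    # 1. The CSR's self-signature must verify (proof of key possession).
    openssl req -in "$1/codesign.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1
    # 2. The public key inside the CSR must match the private key on disk.
    csr_pub=$(openssl req -in "$1/codesign.csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/codesign.key" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ] || return 1
    # 3. The key must be 3072-bit, the length this page lists.
    openssl req -in "$1/codesign.csr" -noout -text | grep -q '(3072 bit)'
}

# Demo: run the script with the argument "demo" to create and check a CSR
# in a fresh temporary directory (constructed subject, not a real identity).
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_csr "$d" "/CN=Example Developer/C=US" && check_csr "$d" \
        && echo "CSR ready: $d/codesign.csr"
fi
```

Only `codesign.csr` is sent to the CA; `codesign.key` stays on the machine (or token) that will do the signing.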
Procurement of Code Signing Certificate
In the evolving software security landscape, procuring a Code Signing Certificate has become crucial for developers. The process starts with selecting a reputable Certificate Authority (CA), like Certum or Sectigo; these now offer advanced delivery methods: cloud-based signing and USB token-based certificates. Certum's SimplySign provides flexibility and easy access, allowing code signing from anywhere. Conversely, Sectigo's USB token-based delivery ensures heightened security by requiring physical possession of the token to sign code. After choosing the delivery method, gather the necessary documentation and submit your application. Upon validation, you receive your certificate, which enables secure software distribution by verifying code integrity and origin.
Validation Process (OV)
Certum offers Open Source Code Signing certificates solely to individuals; telephone verification has been discontinued since March 13, 2017. Applicants must verify their identity through a Registration or Identity Confirmation Point visit, notarized proof, or a full copy of an ID document. A utility bill and the URL of an active Open Source project proving the applicant's involvement are also needed. Documents should be sent via email to [email protected], fax, or mail. Certificates don't include domain names or IP addresses, and the applicant must be the certificate holder. The “CN” field will read “Open Source Developer.” For more details, visit Certum's documentation.
Certum Code Signing Activation
Once you have completed the validation process, you can activate the certificate. For a cloud-based Code Signing certificate, an account is automatically set up in the SimplySign application, which acts as a virtual cryptographic card, using the email associated with your Certum store account.
Requirements for using cloud-based Code Signing include:
- The SimplySign Mobile application is available for Android devices running version 6.0 or higher or any version of iOS.
- The SimplySign Desktop application
- An internet connection.
- Improved Customer Confidence
- Trusted Distribution
- Protect Software Integrity
- Asserts that there has been no alteration to the Software
- Increased Downloads and Installation rates
- Supported on Windows, Java and Mac
- Verify Identity as a Genuine Open Source Developer
- Increased Sales and Conversion
- RSA/DSA 3072-bit Cryptographic Keys
- Best For Open Source
Product Specifications
- Security & Encryption: 32-bit or 64-bit executable software signing using Public key
- App & Software Support: Unlimited App or software codes signed using one certificate
- Supported Platforms: Windows 8; file types .exe, .docm, .pptm, .xpi, .jar, .war, .ear, .dll, .ocx, .cab, .msi, .sys, .cat, .msp, etc.; supported by platforms such as Microsoft, Office, Firefox, Adobe, Java, etc.
- Refund: 30-day Guaranteed Refund
Features
- Supports All Major Platforms: UNIX/Linux software, Adobe AIR, Extensions for Firefox and Netscape, Java applets, Internet applications based on JAVA technology, ActiveX components and controls, Binary files (.exe)
- Secure SHA-2 Function: Certum uses the SHA-2 function, the latest code signing standard worldwide.
- Sign Your Application: Sign your software to build the trust of your customers or users.
- Length of Cryptographic Keys: Certum provides 3072-bit RSA and DSA keys.
As an independent or open source developer, you need to get rid of the unknown publisher warning, since doing so builds trust and confidence among users. Certum Open Source Code Signing helps you do that.
Signing your software code with Certum Open Source Code Signing Certificate motivates the users to download your software since. In addition, the signed software assures the customers that it has not been altered or tampered with.
The Certum Open Source Code Signing certificate complies with the regulatory standards for public key certificates. Because it meets these standards, the certificate is ideal for your open-source licensed software: all browsers and operating systems follow the standards and allow software that complies with them, such as X.509 v3 (RFC 5280).
Code-signed software under open source licenses makes customers or users feel confident downloading it. This way, users can trust the software provided under Open Source licenses and feel confident making in-app purchases, if any.