Microsoft EV Code Signing Certificate — What to Know & How to Get One

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (9 votes, average: 4.11)
Loading...

If you’re a programmer, here’s what you need to know about EV code signing certificates and how they can help you receive automatic trust from Microsoft SmartScreen

Graphic: Code signing Visual Studio error
Don’t want to display this message? This is what it looks like for users when your software isn’t signed by a code signing certificate.

As a developer, you’re responsible for creating the best software possible. Of course, part of that responsibility extends to ensuring that what you create is trusted by clients — otherwise, what’s the point? This requires the use of code signing certificates. But if you want to achieve instant application reputation from Microsoft SmartScreen, the only way to do so is by using a Microsoft EV code signing certificate… well, really, any extended validation (EV) code signing certificate.

We hate to bust your bubble, but it’s important to point out that Microsoft SmartScreen doesn’t actually issue EV code signing certificates. Instead, this security filter instantly trusts EV code signing certificates that are issued by industry-trusted certificate authorities (CA) such as Comodo CA. However, we’ll still refer to them as Microsoft EV code signing certificates throughout this article since that’s what brought you to us in the first place.

Don’t be bummed. We have a solution that will help you accomplish your code signing goals — and we’ll get to that momentarily. In the meantime, let’s break down what an EV code signing certificate is and how it works, how it differs from other code signing certificates, and where you can get one.

What is an EV Code Signing Certificate and What Does It Do?

A Windows Authenticode signature identifies the software publisher or developer for enhanced security.
This sure looks better, doesn’t it? This is how it looks when a piece of software is signed by a code signing certificate and receives instant trust as a verified publisher.

There’s a lot to know about how EV code signing certificates work. Thankfully, we’ve already covered that in another section of our site, but we’ll just briefly cover it here as a refresher.

The CA Security Council states the purpose of code signing certificates rather well: “Code signing is the process of digitally signing executables and scripts to confirm the identity of the software publisher and guarantee that the code has not been altered or corrupted since it was signed.” It does this by using a hashing algorithm to create a hash of code, which is then signed by a private key. Together, the original code and signed hash are bundled with the code signing certificate to create a handy software package that’s ready for immediate distribution.

Pretty nifty, huh? But there are a couple of important differences between standard and EV code signing certificates

How Microsoft EV Code Signing and Regular Code Signing Certificates Differ

When comparing these two types of certificates, there are a few other important distinctions:

  • EV Code Signing Certificates Require Greater Authentication. EV code signing certificates require a rigorous vetting process by your issuing certificate authority (CA) of choice before it can be issued.
  • EV Code Signing Certificates Can Only Be Issued for Organizations, Not Individuals. Our apologies to individual developers, but EV isn’t an option for you. Even though regular code signing certificates can be issued with individual validation (IV), that’s not the case for EV code signing certificates. They can only be issued to organizations and businesses.   
  • EV Code Signing Certificates Offer Added Security. Unlike regular code signing certificates, the EV certificate private keys are stored on encrypted hardware tokens. The use of a PIN for signing is also required for added security. Conventional code signing certificate private keys, on the other hand, are stored on a server.

Not sure how to get a Microsoft EV code signing certificate? Look no further.

How to Get a Microsoft EV Code Signing Certificate

  1. Purchase a certificate. You can do this right here at ComodoSSLstore.com. For example, we sell Comodo EV Code Signing certificates that work with Microsoft Authenticode, Silverlight, Office and VBA, as well as all major platforms (including Adobe AIR, Java, Mozilla, etc.).
  2. Request Your Certificate. After you complete your purchase, you’ll need to provide your organizational details to the issuing CA.
  3. Undergo Validation. Provide your CA with any required information or documentation as part of the verification process.
  4. Wait for Your Token to Arrive. Once all of this is done and your certificate is issued, the CA will ship your EV code signing certificate token (a USB drive) directly to you.

That’s it! It’s really that easy to get an EV code signing certificate for your organization.

SSL Certificates

Save Up to 42% on Microsoft EV Code Signing Certificates

Get instant trust from the Microsoft SmartScreen filter with a Comodo EV code signing certificate!
Shop Now