Menu Show

How to Generate a Certificate Signing Request for a Code Signing Certificate in Windows

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (9 votes, average: 4.22)

Your step-by-step directions on how to request a code signing certificate with a CSR

If you or your organization is responsible for developing or manufacturing software, configuration files, drivers, or other content that requires code, then a code signing certificate is essential. A code signing certificate attaches a digital signature to code that shows who published it and validates that the content has not been altered in any way since it was signed. This is beneficial to your cybersecurity because it prevents tampering and malware proliferation. It’s also beneficial to your organization’s reputation because it creates a greater sense of trust in your brand and products because end users can verify that the code really came from you.

Buy a Code Signing Certificate (If You Haven’t Already Done So)

If you’ve found this article, it’s likely that you’ve already purchased a code signing certificate and want to start using it. However, before you can do so, there are a few things you’ll need to do first. One of the first steps is to generate a certificate signing request (CSR) — a process that we’ll walk you through momentarily.

Note: Even though they share the same name (a certificate signing request), when you request a code signing certificate, it’s a different process than the one you’d use when generating a CSR for an SSL certificate.

If you haven’t bought a code signing certificate yet, it’s vital that you buy one from a trusted certificate authority (CA) such as Comodo CA, powered by Sectigo:  

SSL Certificate with Comodo Secure Logo

Save Up to 42% On Comodo Code Signing Certificates

You can typically save a significant amount by buying your code signing certificate directly. We sell all Comodo code signing certificates at up to 42% off.

Compare Code Signing Certificates

Purchase a Comodo Code Signing Certificate — Save up to 42%!

Want to sign codes and executables on Windows 8 or Windows 10? You can do so with ease using a Comodo Code Signing Certificate for as little as $219.45 per year.

What Happens When You Request a Code Signing Certificate

When you create a certificate signing request for a code signing certificate, you’re creating an encoded message about who you are as the requestor. This message will include several key pieces of information such as:

  • The publisher name (common name) for the certificate;
  • The public key half of your key pair; and
  • A contact email address for the certificate.

This information will be sent to the trusted certificate authority (CA) that will issue the code signing certificate. Let’s take the following as an example: Say you’ve purchased a code signing certificate from Comodo CA. When you generate the CSR, information about your or your organization will be sent to Comodo as the CA and will state that you’re requesting a digital certificate.

Here’s how to request a code signing certificate in Windows via your web browser:

How to Create a Certificate Signing Request for a Code Signing Certificate

A certificate signing request is a relatively straightforward process. We recommend using Firefox for this process because the browser has a unique function that allows the CSR process (and accompanying public/private key) to be generated quickly, securely, and easily.

To generate your code signing certificate request:

  1. Open your Firefox browser.
  2. Login to your account on your code signing certificate provider’s website.
  3. Locate your Incomplete code signing certificate.
  4. Click Generate Cert Now.
  5. Enter the required certificate information.
  6. Click Submit.
  7. The Firefox browser will generate the key pair.

This process will result in the issuance of an order number.

To receive your code signing certificate from your trusted CA, the next thing you’ll need to do is validate your code signing certificate. Once the validation is complete, the CA will issue and send the certificate to you as the certificate requestor via email. What you’ll need to do at this point is download the certificate as a PFX (.p12) file and save it to your desktop and export the file in FireFox.

Note: Be sure to use the same computer and browser you used to generate the CSR to complete this process. This is essential because your private key is stored on the computer you used to generate the code signing CSR.