What is a Software Publisher Certificate? How Do I Get One?

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00)
Loading...

Protect your software and put your customers at ease with a software publisher certificate

A software publisher certificate (also known as a code signing certificate or a software signing certificate) is a digital certificate that software publishers use to digitally sign software before releasing it to the public and/or their customers. Seems pretty straightforward, right?

Let’s go a bit further to explain what that really means.

Here’s What Your Software Looks Like When It’s Signed with a Software Publisher Certificate

Probably the easiest way to demonstrate how a software signing certificate works is with two screenshots.

The first screenshot shows the warning Microsoft Windows shows if you try to install software that hasn’t been signed:

Graphic: a warning users get when software isn't signed with a software publisher certificate

A little scary, right? Some users will think twice before continuing when they get this warning.

If your software has been signed with a trusted software publisher certificate, on the other hand, your users will see something like this:

A Windows Authenticode signature identifies the software publisher or developer for enhanced security.

Much better!

How Software Publisher Certificates Work

First of all, you’ll need to purchase a certificate — you can buy a code signing certificate from our website for just $219.45/year. Once you’ve got your certificate, here’s how it works:

  1. Sign your software. Once you’ve created a software file (e.g., an .exe) that you want to sign, you can use your code signing certificate and a signing utility like SignTool (a free Windows application) to apply a digital signature to your file.
  2. Hash value. When you sign your software file, a unique hash value of the file is generated.
  3. Verified digital signature. When you sign the software, your digital signature is applied to the software file and the hash value. (A digital signature is a cryptographic mechanism, not a means of digitally writing your name in cursive!) Your digital signature is, in turn, signed by Comodo CA if you’re using one of our certificates.
  4. Customer-end verification. When a user starts to install your software, their computer will automatically verify all the details of your digital signature:
    • Check with Comodo CA to ensure that your signature is trusted and valid.
    • Confirm that the hash value of the file hasn’t changed. (If it has, that means the file has likely been tampered with.)
    • Display your verified software publisher name to the user.

Get started here:

Code Signing Certificates

Save Up 42% On Comodo Code Signing Certificates

Want to sign your software to assure users and make installation easier? We sell all Comodo code signing certificates at up to 42% off.
View Code Signing Certificates

 

How Software Signing Certificates Protect Users & Software Publishers

The security alerts Microsoft displays hint at an underlying truth: software publisher certificates offer important protections to users and to publishers. Here’s how:

  • Verifies the publisher. The user can see the name of the person or organization that published the software. This helps users ensure they’re installing software from a publisher they trust.
  • Stops tampering. The install will be blocked if the software has been tampered with. This helps to prevent hackers from taking popular software, inserting malware, and distributing it to unsuspecting users.
  • Protects reputation. The software publisher’s reputation is protected by making it harder for malicious actors to use their software in nefarious ways.

Protect your software and your customers’ safety. Sign all of your code with a software publisher certificate.