>
๐Ÿ›ก๏ธ Sign software so users โ€” and Windows โ€” trust it ยท 4 Code Signing tiers
Certificates โ€บ Code Signing Certificates
Software Integrity ยท Code Signing

Code Signing Certificates

Sign Windows, macOS, drivers and scripts so OSes and users trust your software.

A code-signing certificate cryptographically signs your binaries so users and operating systems can verify they came from you and haven't been tampered with. Without it, Windows SmartScreen blocks your installer, macOS Gatekeeper refuses to launch, and savvy users won't run "unknown publisher" software. Four tiers below, from indie developer to Extended Validation.

โœ“ Trusted by Windows, macOS, Java โœ“ Hardware-token signing โœ“ Time-stamping included โœ“ Removes 'unknown publisher' warnings

Pick the code-signing tier that matches your release pipeline

Indie developer, registered company, sole-proprietor business, or high-volume publisher needing instant SmartScreen trust.

IV ยท Individual

IV Code Signing

Sign software as a verified individual developer.

  • Government-ID validation
  • Hardware-token storage
  • Time-stamping support
  • Indie-developer friendly
Developer-grade Learn more โ†’
OV ยท Organization

OV Code Signing

The standard tier for software companies โ€” sign under your verified company name.

  • Organization validation
  • Hardware-token storage
  • Removes 'unknown publisher'
  • B2B-ready signing
Business-grade Learn more โ†’
Sole Proprietor EV

Sole Proprietor EV

EV-grade signing for solo developers โ€” no corporation needed.

  • EV validation, sole-prop friendly
  • Instant SmartScreen reputation
  • FIPS hardware token
  • No need to incorporate
EV ยท Highest

EV Code Signing

Top tier โ€” instant Microsoft SmartScreen reputation from the first signed download.

  • Extended Validation
  • Instant SmartScreen reputation
  • FIPS 140-2 hardware token
  • Required for some Windows drivers
Enterprise Learn more โ†’

Code Signing tiers compared

IVOVSole Prop EVEV
ValidationIndividualOrganizationSole proprietor (EV-grade)Organization (EV-grade)
Hardware tokenRequiredRequiredRequired (FIPS)Required (FIPS)
SmartScreen reputationBuilds over timeBuilds over timeInstantInstant
Best forIndie devsSoftware companiesSolo commercial devsEnterprise / driver publishers

Frequently asked questions

Why does code signing matter?

Windows SmartScreen blocks unsigned installers with a red warning. macOS Gatekeeper refuses to launch unsigned apps. Without a code-signing certificate, your install funnel breaks at the most fragile step โ€” the first user click.

Is the 'instant SmartScreen reputation' on EV real?

Yes. Microsoft grants EV-signed binaries reputation that new OV signatures must earn over time across successful installs. For consumer-software vendors with marketing traffic, that benefit alone usually pays for the EV tier.

Do I need EV for Windows kernel-mode drivers?

Some Windows kernel-mode driver scenarios โ€” including certain Windows Hardware Developer Center submissions โ€” require EV code signing. Check your specific driver-publishing path.

Do I really need a hardware token?

Yes โ€” current industry rules require all code-signing private keys to be stored on a hardware token (or HSM) for all tiers. SSL.com provides the token with the order.

Should I always add a timestamp?

Yes. A timestamped signature remains valid after the certificate expires. SSL.com runs a free RFC 3161 timestamp authority.

Ship software OSes โ€” and users โ€” will trust

From indie developer to high-volume publisher, there's a code-signing tier that fits your release pipeline.