>
Sign Windows, macOS, drivers and scripts so OSes and users trust your software.
A code-signing certificate cryptographically signs your binaries so users and operating systems can verify they came from you and haven't been tampered with. Without it, Windows SmartScreen blocks your installer, macOS Gatekeeper refuses to launch, and savvy users won't run "unknown publisher" software. Four tiers below, from indie developer to Extended Validation.
Indie developer, registered company, sole-proprietor business, or high-volume publisher needing instant SmartScreen trust.
Sign software as a verified individual developer.
The standard tier for software companies โ sign under your verified company name.
EV-grade signing for solo developers โ no corporation needed.
Top tier โ instant Microsoft SmartScreen reputation from the first signed download.
| IV | OV | Sole Prop EV | EV | |
|---|---|---|---|---|
| Validation | Individual | Organization | Sole proprietor (EV-grade) | Organization (EV-grade) |
| Hardware token | Required | Required | Required (FIPS) | Required (FIPS) |
| SmartScreen reputation | Builds over time | Builds over time | Instant | Instant |
| Best for | Indie devs | Software companies | Solo commercial devs | Enterprise / driver publishers |
Windows SmartScreen blocks unsigned installers with a red warning. macOS Gatekeeper refuses to launch unsigned apps. Without a code-signing certificate, your install funnel breaks at the most fragile step โ the first user click.
Yes. Microsoft grants EV-signed binaries reputation that new OV signatures must earn over time across successful installs. For consumer-software vendors with marketing traffic, that benefit alone usually pays for the EV tier.
Some Windows kernel-mode driver scenarios โ including certain Windows Hardware Developer Center submissions โ require EV code signing. Check your specific driver-publishing path.
Yes โ current industry rules require all code-signing private keys to be stored on a hardware token (or HSM) for all tiers. SSL.com provides the token with the order.
Yes. A timestamped signature remains valid after the certificate expires. SSL.com runs a free RFC 3161 timestamp authority.
From indie developer to high-volume publisher, there's a code-signing tier that fits your release pipeline.