How to choose the appropriate certificate brand when applying for code signing certificate?

Code signing certificate is the process of digitally signing executable programs and scripts , To confirm the identity of the software author , And ensure that the code has not been modified or damaged since it was signed .

To sign the code , Software publishers need to generate a private public key pair , And submit the public key CA, At the same time, send a request for code signing certificate .CA Verify the identity of the publisher , And verify the publisher's digital signature certificate request . If the audit and key verification process ,CA A code signing certificate will be issued .

With the code signing certificate , Publishers can sign code . When the code is signed , Some information is added to the original file containing the executable code . Users of the software publisher use these binding information to verify the identity of the publisher , And check whether the code signature has been tampered .

The official website of Microsoft recommends four brands of code signing certificates . Of these brands EV Code signing certificate It can carry out micro standard authentication and WHQL Signature .

They are ：

DigiCert： The United States CA, It has acquired Symantec Certificate business , Average distribution speed 1-3 A working day ;

Symantec： By DigiCert After purchase , It uses DigiCert Root certificate , Average distribution speed 1-3 A working day ;

Entrust： Canada CA Institutions , Strict certification , Audit specification , Very popular with users , Average release speed 1-3 A working day ;

GlobalSign： Japan GMO brand , The average publishing speed is 5-7 A working day ;

It is recommended to use DigiCert or DigiCert Its brand code signature certificate , reason ：

DigiCert At present, it is already a large-scale digital certification authority , Fast delivery , Support SHA1 and SHA256 Two algorithms , This is an advantage that no other certificate has ！

The following figure is a screenshot of Microsoft's official website ：

Apply for these EV What materials need to be prepared for the code signature certificate ？

these EV Code signing certificate only supports company application , That is, individuals cannot apply . The list of materials you need to prepare is as follows ：

Scanned copy or clear photo of the business license of the unit ;

Establishment dissatisfaction 3 Enterprises in also need to provide bank account opening licenses ;

Name of applicant 、 Phone number 、 Position 、 E-mail 、 Contact address ( If you are applying for Entrust brand , You also need to provide the name of the applicant's superior 、 Position 、 Telephone 、 mailbox .）

When necessary, , for example , If the unit applying for the certificate cannot answer the phone in the third-party database or has expired , We can prove to the enterprise through the cooperative law firm , To ensure the authenticity of the information , To ensure that customers can quickly 、 Simply apply EV Code signature certificate .

this 4 Brand EV What is the difference between code signing certificates ？

Are all Fuhe WebTrust Audit standard certificate , That is, all are trusted certificates .

But each has a little difference ：Symantec and DigiCert At present, it can also support SHA1 and SHA2 Two algorithms ,Entrust and GlobalSign Support only SHA2 Algorithm .

in addition , If you want to sign the English name of the enterprise on the certificate , that Entrust In this respect, it is relatively humanized .

therefore , The suggestion here is to apply DigiCert or DigiCert Of its brands EV Code signing certificate .