A code signing certificate is a digital certificate that verifies the authenticity and integrity of software code.
They are essential for software developers who want to securely distribute their applications or updates. A DigiCert code signing certificate ensures that your code has not been tampered with.
It also helps ensure that your code hasn’t been modified by malicious actors. So, when you sign the code, you establish trust with users.
You assure them that the software comes from a legitimate source and has not been altered during distribution. This helps protect users from downloading and installing malicious or unauthorized software.
How to Install DigiCert Code Signing Certificate?
When you install DigiCert code signing certificate, it may seem daunting, that is not always the case—especially if you know the basics. Before you start installing your DigiCert code signing certificate, ensure you have the following:
- DigiCert-provided hardware token. These includes the SafeNet 5110 CC, SafeNet 5110+ FIPS or SafeNet 5110 FIPS.
- EV Code Signing or Code Signing certificate order number.
- Administrator permissions on your computer.
- Secure password manager to track passwords.
- Owner privileges to your certificate’s Order details page in CertCentral.
Step 1, Check if your eToken is blank or has the certificate preinstalled:
Go to your CertCentral account and navigate to your certificate’s Order details page. Look at the Certificate actions dropdown menu:
- If it shows “Install certificate,” the eToken is blank. Proceed to Step 2.
- If it shows “Initialize token,” the certificate is preinstalled. Proceed to Step 6.
Step 2, Install your code signing certificate on your eToken:
In your CertCentral account, go to Certificates > Orders. Select the certificate’s order number. In the Certificate detail section, choose “Install certificate” from the Certificate actions dropdown. Download the DigiCert Hardware Certificate Installer. Install it and then proceed to also install the SafeNet Authentication Client on the system where you’ll use eToken for code signing.
Step 3, Copy the initialization code:
Open the DigiCert Hardware Certificate Installer. Enter the initialization code from your CertCentral account on the Initialization Code page.
Step 4, Plug in your eToken and re-initialize:
Connect your eToken to the computer. On the Token Detection page, select “Re-initialize my token” to delete existing certificates and keys. If you need to keep your current certificate on the eToken, leave the Re-initialize option unchecked.
Step 5, Set up key information:
On the Key information page:
- For RSA key types, select RSA as the Key Type and 4096 as the Key Size.
- For ECC key types, select ECC as the Key Type and p-256 or p-384 as the Key Size.
Step 6, Configure token settings:
On the Token Setup page:
- Add a Token Name to identify the eToken.
- Create a Token Password (token PIN) required to get the certificates on the eToken.
Step 7, Set the Administrator Password:
On the Administrator Password page, you can keep ‘Factory default admin password’ in case if you have not changed it.
If you have set a new Administrator Password, uncheck the default option and enter the current password.
8. Step 8, Wait for certificate installation:
On the Certificate Installation page, patiently wait for the process to complete. Creating an RSA 4096-bit key may take time.
Step 9, Finish and close the installer
Select “Close” to complete the installation when the process finishes.
Congratulations! You can now use the code signing certificate on your eToken to sign the code.
Now you can use the certificate on your eToken for code signing.
FAQs
What should I do if I lose my eToken password?
What should I do if I lose my eToken password?
Losing your eToken password can be problematic as it may result in the permanent locking of the eToken. If you lose the Administrator Password, contact DigiCert Support to order a new eToken. It’s crucial to securely manage and store your passwords to avoid such situations and ensure continued access to your certificates.
Can I use the same eToken for multiple code signing certificates?
Yes, you can use the same eToken for multiple code signing certificates. The eToken acts as a secure storage device for the private keys associated with the certificates. By using a single eToken, you can manage and protect multiple code signing certificates efficiently.
Closing Thoughts
Installing DigiCert code signing certificate correctly is crucial to maintaining your software distribution’s security and integrity. If you have any specific concerns or additional questions, it’s always best to consult with DigiCert Support for personalized assistance.
Recommended Resource
