Now that you’ve received a new Yubikey Token or Thales SafeNet (Gemalto) token containing your Code Signing certificate, you may be wondering just what to do next. This FAQ answers common questions you may have about how to get started with your new certificate and USB token.
Your Code Signing certificate is also capable of hardware-free volume signing, team sharing, and CI/CD automation using the eSigner cloud signing platform. SSL.com’s eSigner cloud signing service allows you to easily apply globally trusted digital signatures and timestamps to your code from anywhere, without the need for USB tokens, HSMs, or any special hardware. To enroll for eSigner with your Code Signing certificate visit the enrollment how-to or visit the overview page for more information about the eSigner platform.
To sign files with your Code Signing certificate, simply plug the token into your computer and refer to this SSL.com article: Using Your Code Signing Certificate. Instructions will vary depending on the token or tool that you have.
- For instructions on using Microsoft SignTool with your Yubikey token, please refer to the section titled: Signing an Executable with Yubikey.
- For instructions on using Microsoft SignTool with your Thales SafeNet (Gemalto) token, please refer to the section titled: Code Signing with a Thales SafeNet (Gemalto) USB token
- For instructions on using Microsoft SignTool and SSL Manager with your Code Signing certificate, please refer to the section titled, Signing an Executable with SSL Manager.
- For instructions on using your code signing certificate with Java, please refer to our Java Code Signing Guide.
Signing kernel-mode and user-mode drivers in Windows 10 requires registration with the Windows Hardware Dev Center program. After you sign your driver with your certificate, it must be submitted to the Hardware Dev Center for signing by Microsoft. For complete information, please refer to Microsoft’s documentation:
• Kernel-Mode Code Signing Requirements
• Get started with the hardware dashboard program
• Register for the Hardware Program
After ordering your Code Signing certificate, you can navigate to the user portal and begin the process there. Get more details on the process in this helpful guide.
Code Signing certificate users can also use their certificate for hardware-free volume signing, team sharing, and CI/CD automation using the eSigner cloud signing platform. Find out more with this SSL.com article: Cloud Code Signing Automation with CI/CD Services.