Thawte® Code Signing Certificate
Add a Layer of Assurance to Your Code and Earn Your Customers' Trust
Is your code secure?
With the advent of online distribution, developing and disseminating functional code is easier than ever. However, such an environment also subjects code and software to potential dangers presented by fraudulent and malicious code. Don't expose your customers to these threats. With a Thawte® Code Signing Certificate, you can protect your customers and provide them with the safe, trustworthy code they deserve.
What is Code Signing Certificate?
A Code Signing Certificate is a set of data that identifies an existing entity. The certificate presents the entity's public cryptographic key, allowing the public user to verify the sender's identity.
Code Signing Certificates frequently use digital signatures to verify the identity of the content's creator, as well as confirming that the content has not been tampered with since it was originally distributed. With the rapid growth of content distribution thanks to the Internet, code signing is absolutely critical for securing the delivery of content to the consumer. Code Signing Certificates with digital signatures allow publishes to sign .exe, .cab, .dll, and .ocx files; Java Applets and MIDlets; Microsoft® Office documents with macros; and Apple desktop applications.
The Distribution Process for Code Signing Certificates:
The primary goal of a Code Signing Certificate is to confirm the public key contained in a certificate is, in fact, the public key belonging to the person or entity to whom the certificate is issued.
The implementation of digital certification involves a signature algorithm (digital signature) for signing the certificate.
- The client sends a certification request containing name and public key to a certification authority. As an SSL reseller, sslrenewals.com represents 4 different certification authorities: DigiCert, Thawte, GeoTrust, and RapidSSL. For the purposes of this Code Signing Certificate, sslrenewals.com represents Thawte.
- Thawte creates a special message per the software publisher’s request, which constitutes most of the data in the certificate. Thawte signs the message with its private key, obtaining a separate signature (sig) in the process. Then Thawte returns the message and the signature to the software publisher. Together, these two parts form the certificate.
- The software publisher then sends the certificate to an end user to convey trust in the public key.
- The end user verifies the signature sig using the Thawte’s public key. If the signature is verified, he accepts the software publisher's public key.
As with any digital signature, anyone can verify, at any time, that the certificate was signed by Thawte, without access to any secret information. The end user needs only to get a copy a certificate in order to access the certificate authority's public key.
Who needs a Thawte® Code Signing Certificate from sslrenewals.com?
It is absolutely necessary for any publisher intending to distribute code or content over the Internet or corporate networks to use a Code Signing Certificate. Secure customers are happy customers. Code Signing Certificates allow business and software publishers to assure their customers about who produced the content and that it has not been tampered with since it's initial distribution. Newer operating systems and Internet browsers are often set to higher security levels, which often require signed content. Software publishers who do not use a Thawte® Code Signing Certificate simply won't be taken seriously in today's environment.
Obtaining Certification from Thawte and other Certificate Authorities:
To obtain a certificate from Thawte and other certificate authorities represented by sslrenewals.com, a software publisher must meet the criteria for either a commercial or an individual publishing certificate and submit these credentials to either a CA or a local registration authority (LRA). The criteria discussed below have been proposed by Microsoft. Note that standards bodies, such as the World Wide Web Consortium (W3C), are reviewing these criteria and they are subject to change. A description of the overall process of obtaining a certificate for code signing ends this section of the document.
Commercial Certification:
In order to acquire a Commercial software publishing certificate, applicants must meet the following prerequisites:
- Identification - Applicants must submit their name, address, and other material that proves their identity as corporate representatives. Proof of identify requires either personal presence or registered credentials.
- The Pledge - Applicants must pledge that they will not distribute software that they know, or should have known, contains viruses or would otherwise harm a user's computer or code.
Individual Certification:
The following prerequisites must be met for an individual requesting software publishing certificate:
- Identification – Applicants must submit their name, address, and other material that will be checked against an independent consumer database to validate their credentials.
- The Pledge – Applicants must pledge that they cannot and will not distribute software that they know, or should have known, contains viruses or would otherwise maliciously harm the user’s computer or code.
The value of an individual SPC is in the information it provides to users so they can decide whether or not to download the code. Knowing who authored the code, and that the bits have not been altered from the time the code was signed to the present, is reassuring information. Additionally, a browser could be used to access a publisher's Web pages so the user can obtain detailed information about the signed code, the author, and the certificate authority. After learning about this code and the author, the user might decide to run the code, or all future code, coming from this particular individual.
Additional Information About Thawte® Code Signing Certificates:
- Thawte does not certify the content of a software publisher's code. Code signing certificates are only used to verify the publisher who signed the content and that the content has not been altered or corrupted.
- It is of critical importance that you time stamp your code when signing it. Time stamping ensures that signed code will not expire when the code signing certificate expires. Signed code which has been time stamped is valid, even after the code signing certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code whenever the code signing certificate changes due to re-keying or renewal.
-
In order to verify whether or not a file has been time stamped, follow these directions:
- Windows - Use the SignTool.exe utility included with the Windows SDK to verify the presence of a time stamp in code which has been signed.
- Software publishers should ensure that their customers have the latest Microsoft roots. For Windows XP, everything is automatic. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content.
Get in touch with The SSL Renewals about purchasing the secure, reliable Thawte® Code Signing Certificate – today.
The New Warranty Limits
DigiCert has recently extended the warranty limits for many SSL products (including DigiCert ®, Thawte ® and GeoTrust ® brands) which, in some cases offer a distinct advantage over the competition. DigiCert SSL Certificates now include up to $1,500,000 of NetSure ® protection.
New warranty limits for NetSure Certificates are as follows and coverage applies to Certificates issued on or after July 30, 2011. Thawte Code Signing Certificate warranty is $500,000