Get your own Code Signing Certificate

Signing your code with a Digital Signature assures your customers that the program really comes from you and hasn't been altered or corrupted since it was created and signed. A Digital Signature serves as virtual "shrinkwrap" for your program. After you sign your program, if it is tampered with the Digital Signature will break and alert customers that the program has been altered and is not trustworthy.

To sign your code you need a Code Signing Certificate, which you get from a Certificate Authority. The Certificate Authority will take steps to verify you are who you say you are before issuing the certificate.

There are a number of certificate issuing authorities. We recommend Thawte for the best combination of value and wide Operating System compatibility. (If you choose to use a certificate from another provider, which you can do if you prefer, make sure you check which Operating Systems they support, ask which Operating Systems their "root certificate" is installed in).

To obtain your own Code Signing certificate click on the Thawte logo above. The certificate type you need is the Code Signing Certificate, and on the second page of the order process you need to select the Microsoft Authenticode (Multi-Purpose) Certificate option.

During the purchasing process you will be asked for a password. This is used during the signing process to protect your Software Publishing Certificate. Without the password you cannot sign your files, so do not lose it.

After purchase you will receive two files, a .spc file (The Software Publishing Certificate) and a .pvk file (Private Key File). Look after these very carefully, if you lose these they cannot normally be replaced!