What happens to my software and digital signatures when my code signing certificate expires?
If this question haunts you at night, you’re not alone! Most software developers and publishers face this dilemma at one point.
You might be in the process of buying your first code signing certificate, or your current certificate might be expiring soon (or it has already expired). Whatever the scenario, you’ve landed on the right article. We have answers for all your questions regarding code signing certificate expiration issues and renewals.
Timestamping: The Ultimate Shield to Avoid Code Signing Certificate Expiration Issues
You can use the timestamping function to avoid issues that stem from code signing certificate expiries. The software developer/publisher can add a timestamp (i.e., put a digital signature) on the code using their unique private key. The digital signature will stay valid forever — even after the certificate expires.
A timestamp is proof that the software was signed by the verified publisher while the certificate was still valid, and that it has not been altered since it was signed. In other words, the publisher of the software is the same as it was at the time when the code was signed.
So, even after the code signing certificate is expired, all the timestamped software will show the publisher’s name instead of “unknown” on the security dialogue box. Without a timestamp, the digital signature dies with the certificate expiration and the end user will receive an error message.
Sectigo offers the timestamping function for free. It doesn’t have any restrictions on the number of software applications you can sign while your Sectigo code signing certificate is valid.
Note: Timestamping doesn’t mean that you can get away with not renewing your code signing certificate. Your signature in the timestamped software will be safe forever, but you won’t be able to sign and hash any new software after code signing certificate’s expiry date.
Code Signing Certificate Got Expired or Expiring Soon? Follow This Expert Code Signing Certificate Renewal Guide!
Once a code signing certificate expires, the browsers and operating systems will start showing the security warnings when some tries to download the software. The warning dialogue box would be the same as it was before installing the code signing certificate. If you have timestamped your software, users will be still shown the security warning, but the publisher’s name will be displayed on the security popup.
It’s advisable to renew the code signing certificate before it expires to avoid a security lapse or certificate outage. You can renew a code signing certificate as early as 90 days before its expiry date. If you renew your code signing certificate early, you won’t lose any time remaining on your existing certificate. Sectigo will adjust the remaining time on the new certificate. Plus, the validation process becomes way quicker.
To renew your SSL, simply follow this link and click on the “Renew Now” instead of ”Add to cart.”
- Did you know? You can change your certificate authority (CA) anytime you want.
- You can upgrade to an EV code signing certificate from regular organization validation (OV)/individual validation (IV) only if you’re a business organization (not an individual developer).
- Some CAs charge higher rates for renewing code signing certificates than what they charge first-time buyers. Luckily for you, Sectigo has the same prices for new buyers and renewals alike.
Tips for Buying a Code Signing Certificate for the First Time
If you’re buying code signing certificate for the first time and are researching validity and renewal issues, these tips will help:
- The code signing certificate is for downloadable software, device drivers, applications, executable, and scripts.
- The code signing certificate is valid for a minimum period of one year and a maximum period of three years.
- Sectigo offers IV code signing certificates for individual developers, freelancers, and small companies-startups.
- If you’re not sure whether you need a code signing certificate or an SSL certificate, please check out our other article on the Key Differences Between a Code Signing Certificate and an SSL Certificate.
Compare Code Signing Certificate Types
|Features||Sectigo Code Signing Certificate||Sectigo EV Code Signing Certificate|
|Certificate Type||OV Code Signing||EV Code Signing|
|Validation Type||Organization Validation||Extended Validation|
|Multiple year options||Yes||Yes|
|Encryption strength||256-Bit SHA-2||256-Bit SHA-2|
|Issuance Time||1 to 3 Business Days||1 to 5 Business Days|
|Immediate Reputation with Microsoft’s SmartScreen Filter||No||Yes|
|Microsoft Authenticode Signing||Yes||Yes|
|Android Apps Signing||Yes||Yes|
|Apple OS X Signing||Yes||Yes|
|Apple OS X Signing||Yes||Yes|
|Microsoft Office VBA Signing||Yes||Yes|
|Adobe Air Signing||Yes||Yes|
|Windows Vista x64 Kernel Mode Signing||Yes||Yes|
|Windows Phone Apps Signing||Yes||Yes|
|Qualcomm Brew App Signing||Yes||Yes|
|Microsoft Office Document Security||Yes||Yes|
|Refund Policy||30 Days||30 Days|
|Lowest Price||From $79/year||From $289.67/year|
|Buy Now||View Product||View Product|