Code Signing Certificates Comparison

1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 4.43 out of 5)

Compare code signing certificates: The ultimate comparison of features, prices, types, and brands

Getting a code signing certificate is an excellent decision for your software’s security and authenticity. There are multiple types of code signing certificates available in the market with different price ranges, features, and brands. So, comparing all code signing certificates before choosing the right one for your organization is an essential step.

To help you with the research and buying process, we’ve  prepared this code signing certificate comparison guide and have compared all the prominent code signing certificates.

Best Code Signing Certificate Providers: Major Brands

The three major code signing certificate providers with an impeccable reputation and considerable market share are:

  • Comodo CA
  • Thawte
  • Symantec

All three of these certificate authorities (CAs) have strong reputations in the industry and have been considered leaders in the market for more than two decades.

They sell multiple cybersecurity products, and code signing certificates is one of the most popular product categories among them. But how do you know what makes a good code signing certificate? Check out the price and features comparison for these three brands’ code signing certificates:

Code Signing Certificate Comparisons: Sectigo vs Thawte vs Symantec

(Formerly comodo)
Thwate Symantec
2048-Bit Digital Signature Yes Yes   Yes
Issuance Time 1-3 days 1-3 days 1-3 days
Sign 32- and 64-bit Executables Yes Yes   Yes
Sign Microsoft Authenticode Yes Yes   Yes
Validation Type Organization Validation (OV) Organization Validation (OV) Organization Validation (OV)
Sign Windows 8 &10   Yes Yes   Yes
Reissuance Unlimited Unlimited Unlimited
Sign Java Yes Yes   Yes
Sign Mozilla Yes Yes   Yes
Money-Back Guarantee 30-day Guarantee N/A N/A
Warranty N/A $50,000 $1,500,000
Sign Adobe AIR Yes Yes   Yes
Sign Microsoft Office 365 Yes   Yes   Yes
Lowest Price From $79/year From $124.17/year From $365.83/year
Buy Now View Product View Product View Product

As you can see here, while Thawte and Symantec include warranties with their code signing certificates, Sectigo offers a 30-day money-back guarantee, which is not available for other two brands. Other than that, all the technical features are same for the code signing certificates offered by all three CAs. However, the price of each certificate differs significantly depending on the brand. Thwate is almost 60% while Symantec is nearly 400% more expensive than Sectigo ( formerly Comodo CA).  

Why Is There a Substantial Price Difference in Code Signing Certificates?

For more than two decades, part of Comodo CA’s mission has been to provide affordable access to cybersecurity products such as code signing certificates. After Francisco Partners acquired Comodo CA, they rebranded it with new name Sectigo. Now, Sectigo has decided to continue the same legacy — not only for code signing certificates, but also for all the other products for including SSL certificates. They demonstrate this mission daily with their massively discounted prices.

Standard Code Signing Certificate vs. EV Code Signing Certificate

Standard code singing certificates are those that are offered with organization validation (OV), also known as individual validation (IV), if it is applied by individual developers/publishers. The verification process differs for OV and IV, but the code signing certificate is the same at the end of the verification process. Both companies and private software developers are allowed to get it. Extended validation (EV) code signing certificates, on the other hand, are only available for business or other organizations. The CA/B forum requires a more rigorous vetting process for EV code signing certificates.

EV code signing certificate have two extra features.

  1. Microsoft SmartScreen: SmartScreen has a notoriousfiltering process. It trusts only well-reputed publishers who have existed in the industry for several years. Microsoft SmartScreen shows pesky security warning for software published by new publishers and small companies, even if that software is signed with the standard code signing certificate. But Microsoft SmartScreen trusts EV code signing certificates regardless of how long the organization has existed. So, for new publishers, startups, and small businesses, EV code signing certificate is the only way to gain Microsoft SmartScreen’s trust instantly and to avoid triggering the security warnings.
  2. Private Key Security: The private key of an EV code signing certificate is stored in an external hardware token. The CA sends the hardware fobs to the physical address of the applicant after the verification process is completed. Now, the only person holding that external device can sign the software. Because the private key is not stored online, it can’t be compromised even if someone hacks your network.  

Standard Code Signing Certificates vs EV Code Signing Certificates

  Standard Code Signing Certificate (OV/IV) EV Code Signing Certificate
Trusted by Microsoft SmartScreen No Yes
Private Key Stored on the server Stored on external physical device
Delivery Method             Physical Mail Online
Major brands Sectigo (previously Comodo CA), Symantec, Thwate Sectigo (previously Comodo CA)
Price $79/year  $289.67/year
What is a Microsoft EV Code Signing Certificate?