Compare code signing certificates: The ultimate comparison of features, prices, types, and brands
Getting a code signing certificate is an excellent decision for your software’s security and authenticity. There are multiple types of code signing certificates available in the market with different price ranges, features, and brands. So, comparing all code signing certificates before choosing the right one for your organization is an essential step.
To help you with the research and buying process, we’ve prepared this code signing certificate comparison guide and have compared all the prominent code signing certificates.
Code Signing Certificates: Major Brands
Three of the most popular code signing certificate brands in the industry include:
- Comodo CA (powered by Sectigo)
- Thawte
- Symantec
All three of these certificate authorities (CAs) have strong reputations in the industry and have been considered leaders in the market for more than two decades.
They sell multiple cybersecurity products, and code signing certificates are one of their most popular product categories. But how do you know what makes a good code signing certificate? Check out the price and features comparison for these three brands’ code signing certificates:
Code Signing Certificate Comparisons: Sectigo vs Thawte vs Symantec
| Feature | Sectigo (formerly Comodo) | Thawte | Symantec |
|---|---|---|---|
| 2048-Bit Digital Signature | Yes | Yes | Yes |
| Issuance Time | 1-3 days | 1-3 days | 1-3 days |
| Sign 32- and 64-bit Executables | Yes | Yes | Yes |
| Sign Microsoft Authenticode | Yes | Yes | Yes |
| Validation Type | Organization Validation (OV) | Organization Validation (OV) | Organization Validation (OV) |
| Sign Windows 8 & 10 | Yes | Yes | Yes |
| Money-Back Guarantee | 30-day Guarantee | N/A | N/A |
| Sign Adobe AIR | Yes | Yes | Yes |
| Sign Microsoft Office 365 | Yes | Yes | Yes |
| Lowest Price | From $79/year | From $124.17/year | From $365.83/year |
As you can see here, while Thawte and Symantec include warranties with their code signing certificates, Sectigo offers a 30-day money-back guarantee, which is not available from the other two brands. Other than that, the technical features are the same for the code signing certificates offered by all three CAs. However, the price of each certificate differs significantly depending on the brand. Thawte is almost 60% more expensive than Sectigo (formerly Comodo CA), while Symantec is nearly 400% more expensive.
Why Is There a Substantial Price Difference in Code Signing Certificates?
For more than two decades, part of Comodo CA’s mission has been to provide affordable access to cybersecurity products such as code signing certificates. After Francisco Partners acquired Comodo CA, they rebranded it under the new name Sectigo. Sectigo has decided to continue the same legacy, not only for code signing certificates but also for all its other products, including SSL certificates. They demonstrate this mission daily with their massively discounted prices.
Standard Code Signing Certificate vs. EV Code Signing Certificate
Standard code signing certificates are those offered with organization validation (OV), or with individual validation (IV) when the applicant is an individual developer or publisher. The verification process differs for OV and IV, but the code signing certificate issued at the end of the process is the same. Both companies and private software developers can get one. Extended validation (EV) code signing certificates, on the other hand, are only available to businesses and other organizations. The CA/B Forum requires a more rigorous vetting process for EV code signing certificates.
EV code signing certificates have two extra features:
- Microsoft SmartScreen: SmartScreen has a notorious filtering process. It trusts only well-reputed publishers who have existed in the industry for several years. Microsoft SmartScreen shows pesky security warnings for software published by new publishers and small companies, even if that software is signed with a standard code signing certificate. But Microsoft SmartScreen trusts EV code signing certificates regardless of how long the organization has existed. So, for new publishers, startups, and small businesses, an EV code signing certificate is the only way to gain Microsoft SmartScreen’s trust instantly and avoid triggering the security warnings.
- Private Key Security: The private key of an EV code signing certificate is stored on an external hardware token. The CA sends the hardware fob to the applicant’s physical address after the verification process is completed. Only the person holding that external device can sign the software. Because the private key is not stored online, it can’t be compromised even if someone hacks your network.
Standard Code Signing Certificates vs EV Code Signing Certificates
| Feature | Standard Code Signing Certificate (OV/IV) | EV Code Signing Certificate |
|---|---|---|
| Trusted by Microsoft SmartScreen | No | Yes |
| Private Key | Stored on the server | Stored on external physical device |
| Delivery Method | Physical Mail | Online |
| Major brands | Sectigo (previously Comodo CA), Symantec, Thawte | Sectigo (previously Comodo CA) |