Code Signing Certificates

How It Works

Software and macro signing is based on the same public key cryptography system used in Web site and personal digital certificates. Here's an overview of the VeriSign Code Signing process.

1. First, generate a private/public key pair according to your software instructions.
2. Then, enroll for a Code Signing Digital ID with VeriSign by submitting the public portion of the key for certification, along with documentation to prove your identity. (The online enrolment process will provide you with complete instructions.)
3. Once VeriSign has verified your identity by checking your documentation, you will be issued a Digital ID, including your full organisational name and your public key. When your certificate is approved and issued, you will be alerted by e-mail either containing the certificate or directing you to a URL where you will be able to access your ID online.
4. Use the tools supplied by your software vendor to sign applets, plug-ins, or macros with your Digital ID [see your software documentation]. When your signed object and files are downloaded, they contain a copy of your certificate so that recipients are able to identify you as the author.
5. Post your signed code or software on your site so that customers can purchase and download them as normal.
6. Customers download your applet, code object or macro. Their browser verifies the signature on the code.
7. The customer is able to view the certificate in order to identify the developer who wrote the code. This increases consumer confidence and, if need be, gives the customer the appropriate ability to contact the developer.