Code Signing

Authenticity and assurance in a signature: guarantee the integrity and security of your software components

Code signing: the security of digital signatures applied to software components

Code Signing Certificates let you add a digital signature to a wide range of executable software components, to guarantee their authorship, integrity and ensure the source code has not been tampered with.

The certification process inextricably links the identity of an IT organization to a key pair: the private key, used by the developer or distributor to sign the code, and the public key, which allows the end user to verify the identity of the signatory (and so the reliability of the software component).

This is an essential security measure for many organizations, who need to protect the software components they develop and distribute from the risk of malware.

Find out more about our solutions

The benefits of using Actalis code signing certificates for businesses

By digitally signing files containing executable code, companies can both protect and optimize their work, as well as fostering a relationship of trust with customers. What’s more, they can protect their brand from any damage to their reputation caused by malware.

Some of the benefits of using a Code Signing Certificate:

Authenticity and reliability


Certify the identity of the organization developing and distributing software.

Integrity of the components


Make sure that the code has not been accidentally or maliciously altered after signing.

Download and installation


Processes are faster and more secure, as interruptions are reduced and the end users' devices are protected.

Avoid error notifications


Reduce the number of security alerts, replacing them with messages containing information about the software publisher.

Actalis solutions for Code Signing Certificates

Our Code Signing certificates, like all our products, comply with the requirements of the CAB Forum, the association that brings together the main Certification Authorities around the world.

Centralized certificates with Enterprise RA and API


Thanks to the Enterprise RA web application and its APIs, companies can deliver Code Signing certificates for tthemselves. What’s more, they can keep track of the lifecycle of the issued certificates at any time, managing renewals and revocations.

Comprehensive management of certificates with API partners


Partners and resellers have access to simple APIs to manage applications for the entire lifecycle of Code Signing certificates, using a set of integrated web services.

Best practices for using code signing certificates

To manage the Code Signing process correctly and securely, we recommend following the guidelines below.

Restrict access to private keys


Only let a small group of authorized personnel access the PCs used for the Code Signing process.

Authenticate the code before signing it


Keep track of all Code Signing operations and prevent unapproved or malicious code from being signed.

Protect private keys using encryption hardware devices


Prevent attacks by storing your keys with security-compliant tools (such as a smart card or USB token).

Scan for viruses before signing the code


Make sure any third-party libraries and code you're about to sign do not contain viruses.

Always add a timestamp to the signed code


This will validate the signed code even after the Code Signing certificate has expired or been revoked.

Reduce risk with multiple certificates


Avoid signing all your software with the same certificate, use different ones and change your keys frequently.

Use test certificates to sign code that has not yet been issued


When carrying out tests, choose different keys from those used in the production environment.

Revoke compromised certificates


If your private key is compromised, revoke it and contact Actalis.


How to request and install your Code Signing certificate

Tell a technical expert what you need

Code Signing solutions are just one element of complex IT projects. Actalis can provide all the technological tools and experience needed to help companies design and implement custom solutions and large-scale solutions.

Ask us to get in touch with you