Easy online distribution has made it possible for developers to create fun and functional
code, anywhere and everywhere. However, the potential for fraud and the spread of
malicious code has increased as well. With a Thawte® Code Signing Certificate, your
code will be as safe and trustworthy to customers as shrink-wrapped software from
a store shelf.
Code Signing Certificates frequently use digital signatures to verify identify of
the content’s creator, as well as confirming that the content has not been
tampered with since it was originally distributed. With the rapid growth of content
distribution thanks to the Internet, code signing is absolutely critical for securing
the delivery of content to the consumer. Code Signing Certificates with digital
signatures allow publishes to sign .exe, .cab, .dll, and .ocx files; Java Applets
and MIDlets; Microsoft Office documents with macros; and Apple desktop applications.
Promotional Offer: $199 Use coupon code SUMMER199
With code signing from Thawte, you can assure users that your code and content is
safe to download, and protect your most valuable business asset: your reputation.
Code signing authenticates the code’s source and confirms the integrity of
content distributed online. Thawte® Code Signing Certificate for Microsoft® Authenticode®
(Multi-Purpose) offers maximum flexibility with a single certificate to sign code
developed on multiple platforms.
To obtain a certificate from Thawte, a software publisher must meet the criteria
for either a commercial or an individual publishing certificate and submit these
credentials to either a CA or a local registration authority (LRA). The criteria
discussed below have been proposed by Microsoft. Note that standards bodies, such
as the World Wide Web Consortium (W3C), are reviewing these criteria and they are
subject to change. A description of the overall process of obtaining a certificate
for code signing ends this section of the document.
Thawte does not certify the content of a software publisher’s code. Code signing
certificates are only used to verify the publisher who signed the content and that
the content has not been altered or corrupted.
Microsoft® Authenticode® (Multi-Purpose)
- Digitally sign 32- and 64-bit user-mode (.exe, .cab, .dll, .ocx, .msi and .xpi files)
- Digitally sign code for Microsoft® Office 2000, Microsoft VBA, Netscape Object Signing,
and Marimba Channel Signing
Sun Java
- Digitally sign .jar files and Java applications for desktop and mobile devices
- Recognized by Java Runtime Environment (JRE)
Adobe® AIR
- Digitally sign .air or .airi files
- Required for all AIR-based applications
Apple Mac
- Digitally sign Apple desktop applications
Microsoft® Office VBA
- Digitally sign VBA objects, scripts and macros for Microsoft Office .doc, .xls,
and .ppt files
- For Microsoft Office and third-party applications using VBA
HOW CODE SIGN SSL WORKS?
Thawte Code Signing Certificates create a unique digital signature with identification
information about the publisher of the code and proof of the code’s integrity.
Microsoft applications such as Internet Explorer®, Exchange, Outlook® and Outlook®
Express have security features to check for a digital signature and recommend whether
or not code should be trusted.
When a user encounters unsigned executables, a security warning pops up or content
fails to load, depending on the user’s security settings.
When a signed executable is encountered, a pop-up notification shows the verified
identity of the publisher and the user decides whether or not to trust the code.
By clicking “More Info”, the user can inspect the certificate.
