Help Center

All Java apps that run in Web browsers require a code signing certificate, as of January 2014.

A Code Signing certificate is also strongly recommended for any publisher intending to distribute code or other content over the Internet or over corporate networks. Use of code signing certificates might help enhance a publisher's reputation.

Code Signing certificates are valid for one, two or three years, depending on the term you purchase it for.

No. Code Signing certificates are only used to verify the publisher who signed the content and that the content has not been altered or corrupted.

Time stamping ensures that signed code will not expire when the Code Signing certificate expires. Signed code which has been time stamped is valid, even after the Code Signing certificate expires. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code whenever the Code Signing certificate changes due to re-keying or renewal.

Time stamping your code is an optional feature. Our time stamping server URL is: http://tsa.starfieldtech.com.

If you want to time stamp your code, specify the full location, including the http:// part of the URL.

• Windows - Use the SignTool.exe utility included with the Windows SDK to verify the presence of a time stamp in code which has been signed.
• Java - Use JarSigner.exe included as part of the JDK which is available here.

No. Unlike some of our competitors, we do not limit the number of time stamp requests which can be issued by a single Code Signing certificate.

No. You are not limited to any specific number. You can sign as many applications or other content with a code signing certificate as you wish, provided that the applications are going to be used for and distributed by the organization that owns the certificate.

No. Only businesses whose identity can be verified via various state or federal governmental agencies can be issued a Code Signing certificate.

Yes. Because Windows must validate your device driver when booting up in kernel mode, a special type of Code Signing certificate must sign Windows Vista (and later) 64-bit device drivers. We offer these Driver Signing certificates (aka kernel-mode Code Signing certificates) on our website.

Yes. Apple recommends that all code written for Mac OS X 10.5 and later be code signed. Beginning with Mac OS X 10.5 Leopard, Apple has provided code signing tools. The main tool used is codesign.

For more information, see:

• Tech Note TN2206 - Mac OS X Code Signing In Depth.
• Apple's Code Signing Guide (HTML Version).
• Apple's Code Signing Guide (PDF Version).
• Apple Reference for Codesign.

To receive the certificate pop-up when the file is downloaded, you must enable the feature.

Enable Check for Signatures

1. Open the Tools menu in Internet Explorer, and then click Internet Options.
2. Go to the Advanced tab.
3. In the Security section, select the Check for signatures on downloaded programs option.

For Windows XP, everything is automatic. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed. Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. To install the latest Microsoft root certificate patch, click here.