SSLmentor

Quality TLS/SSL certificates for websites and internet projects.

EV || Standard

EV CODE or Standard CODE?

The trustworthiness of software downloaded from the internet, and the protection of the users who run it, are based on the use of code signing certificates. Specifically, it is necessary to sign every piece of software released for the Windows operating system. Code signing certificates are crucial for developers because they ensure trustworthy distribution and enhance the developer's reputation.
There are two types of CODE signing certificates: Standard CODE signing certificates (OV) and EV CODE signing certificates. The main differences between them lie in the level of security, the verification process, and the trustworthiness they provide to users.

Which CODE to choose?

In principle, both types of CODE certificates are identical. In both cases the CA must validate the applicant, and the certificate is issued on a token, on an HSM device, or to a secure cloud. The signing process and the signature properties are the same. So what is the difference between EV CODE and Standard CODE?

Standard CODE signing (OV)

  • Basic applicant validation - verification of company existence, verification of person (ID and face recognition).
  • USB token, HSM module, secure cloud.
  • Need to build reputation in the Windows ecosystem.
  • Significantly lower price compared to EV CODE.

EV CODE signing

  • Extended validation - verification of company existence, address confirmation or telephone verification, verification of person (ID and face recognition), stricter identity verification process.
  • Most trusted CODE certificates.
  • USB token, HSM module, secure cloud.
  • Immediate trust in the Windows ecosystem (SmartScreen).
  • Required for access to the Windows Hardware Developer Center Dashboard Portal, through which all kernel-mode drivers targeting Windows 10 (build 1607 and later) must be signed.

EV CODE Certificate and SmartScreen

EV CODE signing certificates provide immediate trust within Microsoft's SmartScreen technology. SmartScreen is a security feature integrated into Windows and the Microsoft Edge browser, which helps protect users from downloading and installing malicious software by checking the reputation of the signing certificate.
This information was officially valid until the summer of 2024, when Microsoft declared that it "will evaluate EV CODE certificates in the same way as standard CODE certificates". This means that EV CODE certificates will no longer be automatically trusted by the SmartScreen filter, and software publishers will have to gradually build their reputation.
This declaration completely overturned the existing, long-standing system of trust. The people at Microsoft probably realized this, and it is still true that EV CODE certificates are trusted by SmartScreen. We do not know if or when this will change, but you can currently verify the behavior with our test software.

Test code certificates - Demo SW

To test the behavior of Standard CODE and EV CODE, you can use our test software, written in .NET and signed with the Certum Code Signing in Cloud and Certum EV Code Signing in Cloud certificates.

Standard CODE signing

  • MS Edge, Chrome - warning!
  • MS Windows - SmartScreen
  • User trust must be explicitly granted.
     
  • DOWNLOAD DEMO - Certum Standard CODE signing

EV CODE signing

  • MS Edge - trouble-free download
  • MS Windows - SmartScreen is not displayed
  • Chrome - warning! This is normal here, Chrome has its own databases.
  • Required for access to the Windows Hardware Developer Center Dashboard Portal, through which all kernel-mode drivers targeting Windows 10 (build 1607 and later) must be signed.
     
  • DOWNLOAD EV DEMO - Certum EV CODE signing

How to gain reputation

Reputation can only be gained over time and by frequently signing software that users download and install. The more users install the software without issues, the faster the publisher's reputation is built. Ideal numbers are hundreds or thousands of installations. When signing, it is advisable to use timestamps so that the signature remains valid even after the certificate expires.
However, only Microsoft knows the exact evaluation of reputation.
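
To check that a signed file actually carries a timestamp, and whether it was signed with an EV or a Standard certificate, the signature can be inspected locally. The following PowerShell function is an added example, not SSLmentor's own tooling; the function name and the file names in the usage comment are placeholders.

```powershell
# Added example: report signature status, timestamp and EV policy for files.
# Get-CodeSignatureReport is a hypothetical helper name, not a built-in cmdlet.
function Get-CodeSignatureReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($file in $Path) {
        $sig  = Get-AuthenticodeSignature -FilePath $file
        $cert = $sig.SignerCertificate

        # CA/Browser Forum policy OID 2.23.140.1.3 identifies an EV code
        # signing certificate. It is carried in the Certificate Policies
        # extension (OID 2.5.29.32) of the signer certificate.
        $isEv = $false
        if ($cert) {
            $policies = $cert.Extensions |
                Where-Object { $_.Oid.Value -eq '2.5.29.32' }
            if ($policies) {
                $text = $policies.Format($false)
                $isEv = $text -match '(?<![\d.])2\.23\.140\.1\.3(?![\d.])'
            }
        }

        [pscustomobject]@{
            File          = $file
            # 'Valid', 'NotSigned', 'HashMismatch', 'NotTrusted', ...
            Status        = $sig.Status
            Publisher     = if ($cert) { $cert.Subject } else { $null }
            CertNotAfter  = if ($cert) { $cert.NotAfter } else { $null }
            IsEV          = $isEv
            # Without a timestamp the signature stops validating once the
            # signing certificate has expired.
            IsTimestamped = [bool]$sig.TimeStamperCertificate
        }
    }
}

# Usage (placeholder file names):
# Get-CodeSignatureReport -Path '.\demo-standard.exe', '.\demo-ev.exe' |
#     Format-List
```

A file that reports `IsTimestamped = False` should be re-signed with a timestamp before release, because its signature will fail validation after the date shown in `CertNotAfter`.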

Manual reputation acquisition

If you have a small number of downloads and are struggling to gain reputation, you can try to acquire reputation using the following steps.

1/ You can use the Microsoft WDSI File Submission service, where you can upload your signed software for analysis. This way, you can speed up the process of gaining reputation for your software.

2/ You can download your software in the Edge browser and select the link "Report this file as safe", which leads to a Microsoft Feedback form where you will need to fill in various information about the software and your company.

These steps can help accelerate the process of gaining reputation for your software, but there is no guarantee that it will lead to an immediate result. The best approach is to combine these methods with regular signing and wider distribution of your software or choose one of the offered EV CODE signing certificates.

If anything is missing on this page, you don't understand something, or the behavior of the signed SW is different, please do not hesitate to contact us!
