SSLmentor

Quality TLS/SSL certificates for websites and internet projects.

Code signing

Code signing

Certum Cloud CODE signing - FAQ

Information on signing SW using CODE Signing certificates secured via of the SSLmentor project.

CODE signing with Cloud Code certificates

How many times can I use CODE certificate?

It is possible to sign an unlimited number of codes for the entire period of validity.

What are the additional costs?

There are no additional costs. You no longer pay anything to the certification authority and use the CODE certificate for the entire period of validity.

Is it possible to have the certificate connected non-stop?

No, it is not possible. SimplySign Desktop has an active secure connection established for 2 hours. A new token must then be generated in SimplySign App.

What is the difference between a PFX file and a cloud certificate?

From the summer of 2023, it is not possible to issue exportable CODE certificates and it is therefore no longer possible to have a certificate in an encrypted PFX file. Certum Cloud Code Signing certificate connects to PC using SimplySign Desktop an application that emulates a crypto card with a certificate located in the cloud. A big advantage is that you don't have to worry about keeping a USB token or card, you can do everything online.

SimplySign Mobile Application

SimplySign App on another mobile phone

If you need to change your mobile phone for the SimplySign App, you need to ask CA Certum (contact) for a new QR code to activate the app.
Please send a new activation request to CA Certum. The order number is required! You can find it in the order details in the Control Panel. ID Order format 12345678-9abc-12a3-a5dc-1a234567bcd.

Can I have SimplySign App on multiple phones?

Yes, we have tested and use the SimplySign app on 2 mobile phones. If you save the activation QR code safely, you can use it to activate SimplySign on another mobile phone as well. Please note that the activation QR code allows full access to your CODE certificate and must be stored safely!

QR code to activate SimplySign is not displayed

The SimplySign activation QR code is displayed after successfully entering the password sent. If you do not see the QR code, try a different browser. For example Edge or FireFox. You may have some extensions in your browser that prevent the QR code from being displayed.

Can I sign VBA Macros?

YES. Using the Cloud CODE signing certificate also allows you to sign created macros.

Can I sign my applications with ClickOnce?

YES. ClickOnce allows you to create auto-updating Windows applications. In case SimplySign Desktop is not actively connected to the certificate, the login window for inserting the token from SimplySign App is activated and after successful connection, signing is started.

Can I use the CODE certificate with CI/CD tools?

CI/CD tools help developers quickly build, test, and deploy application updates through automated channels. Before ordering a CODE signing certificate from CA Certum, it is necessary to consider the deployment procedures and whether the "restriction" of the length of the 2-hour window is sufficient for signing. We always recommend going through the entire signing workflow and then deciding whether to buy the certificate. Unfortunately, a CODE certificate for testing cannot be provided.

Can I get a CODE certificate as an individual person?

Yes, it is possible. Requesting a certificate for a private person requires proof of identity and proof of address from the certificate details. The address can be documented, for example, by an invoice for energy, a telephone, or an official confirmation of the address in the document.

SignTool Errors found

SignTool Error: No certificates were found that met all the given criteria

An error that occurs exceptionally for some customers with SimplySign Desktop version 9.1.8.61 (December 2023) installed.
The solution is to install using a file with the .MSI extension.

SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr

Dual-sign SHA256 and SHA1 with time server http://time.certum.pl/ ends with an error "SignTool Error: The /t option is incompatible with the /as option" and "SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr".
Based on customer experience, DigiCert's time server works for dual-sign signing http://timestamp.digicert.com/.
sign /n "CODE cert" /t http://timestamp.digicert.com/ /fd sha1 /v test.exe
sign /n "CODE cert" /tr http://timestamp.digicert.com /fd sha256 /as /v test.exe

SHA2 support in Windows operating system

Microsoft has started the migration and update process to support SHA-2 since 2019.
It publishes an overview of the information on the page SHA-2 Code Signing Support requirement for Windows and WSUS.

Back to Help
Found an error or don't understand something? Write us!

CA Sectigo
CA RapidSSL
CA Thawte
CA GeoTrust
CA DigiCert
CA Certum