Code Signing Certificates
Sign your code with a validated identity, at the right level for your needs
Four certificates, one purpose: prove that the software your users download came from you and hasn’t been touched since. SSL.com offers IV Code Signing for individual developers, OV Code Signing for organizations, Sole Proprietor EV Code Signing for individuals and sole proprietors who need EV-level trust, and EV Code Signing for organizations requiring verified publisher identity or kernel-mode driver signing. All are trusted on Windows and available with cloud-HSM-backed signing via eSigner.
Code Signing Certificates
IV Code Signing
For individual developers
Personal name on every installer. No business docs required. Best for independent developers, open source maintainers, and freelancers.
OV Code Signing
For organizations
Organization name verified and displayed. Trusted on all Windows versions. Best for software companies and ISVs distributing to end users.
Sole Proprietor EV Code Signing
EV trust for individuals
Full EV benefits, verified publisher identity, kernel-mode driver signing, timestamped signatures, validated as an individual. No registered business entity required.
EV Code Signing
For maximum trust
Verified publisher identity. Required for kernel-mode drivers and Windows Hardware Dev Center. Signatures survive certificate expiry. Organization entity required.
Compare Code Signing Certificates
| Feature | IV: Individual | OV: Organization | EV SP: Sole Proprietor | EV: Extended Validation |
|---|---|---|---|---|
| Who it’s for | Independent developers, open source maintainers | Software companies, ISVs, enterprises | Sole proprietors needing full EV trust | Enterprises, driver publishers, CI/CD pipelines |
| Name on installer | Individual’s verified name | Organization’s verified name | Individual’s verified name (EV-validated) | Organization’s verified name (all validations) |
| Trusted on Windows | Yes: all versions | Yes: all versions | Yes: all versions | Yes: all versions |
| Verified publisher identity | No (builds over time) | No (builds over time) | Yes: immediate | Yes: immediate |
| Kernel-mode driver signing | No | No | Yes: required | Yes: required |
| Business entity required | No | Yes | No (individual validation) | Yes |
| Storage requirement | Hardware token, HSM, or eSigner | Hardware token, HSM, or eSigner | Hardware token, HSM, or eSigner | Hardware token, HSM, or eSigner |
| Sign from any CI/CD pipeline: no hardware needed | Add eSigner for Code → Cloud HSM signing for CI/CD pipelines. Works with all four certificates. No hardware token required. | |||
| Get started | Buy IV → | Buy OV → | Buy EV SP → | Buy EV → |
Which certificate is right for you?
Shared requirements
Secure key storage
Private keys cannot be exported. Must be stored on a FIPS 140-2 validated hardware token, eSigner cloud HSM, or supported cloud HSM.
Timestamping
All signed code should be timestamped at signing, timestamps extend the validity of the signature beyond certificate expiry.
CA/B Forum Code Signing BR
All SSL.com code signing certificates are issued under the CA/B Forum Code Signing Baseline Requirements.
Ready to sign your code?
Compare code signing certificate types
All SSL.com code signing certificates sign executables, scripts, and packages. Validation level determines identity verification, key storage requirements, and SmartScreen behavior.
