EV Code Signing

EV Code Signing

The highest trust code signing: verified publisher identity, kernel-mode driver signing, and hardware-token-free CI/CD via cloud HSM. Full organization identity on every installer.
Configure & Buy See how it works

Key benefits of EV Code Signing certificates

Verified publisher identity

Your organization’s legal name displays as a verified publisher in Windows SmartScreen prompts, Microsoft Store submissions, and User Account Control dialogs: the strongest trust signal Windows displays to end users.

All vital company information displayed

Company legal name, registered address, and full organizational identity details are verified under CA/B Forum EV procedures and embedded in every signed binary. Visible in Authenticode signature details.

Kernel-mode driver signing

Required for Windows 10 and Windows 11 kernel-mode drivers and user-mode drivers: only EV certificates satisfy the Windows Hardware Quality Labs (WHQL) signing requirements for driver distribution.

Windows Hardware Dev Center access

EV certificate required for Microsoft Partner Center (formerly Dashboard Portal) access, driver cross-signing submission, WHQL certification, and Microsoft Store app submission under an organization identity.

Who needs an EV Code Signing certificate?

Enterprises distributing to end users

Enterprises distributing software to end users who need verified publisher identity displayed in SmartScreen prompts, plus hardware-backed private keys for enterprise security review and SOC 2 audit evidence.

Driver & firmware publishers

Driver and firmware publishers: EV is the only certificate type accepted for Windows 10/11 kernel-mode drivers, user-mode drivers, and WHQL-certified driver submission.

DevOps & CI/CD teams

DevOps and CI/CD teams needing EV-level signing in automated build pipelines. SSL.com eSigner for Code provides cloud HSM-backed EV signing via REST API: no physical token distributed to build machines.

Windows Hardware partners

Windows Hardware Dev Center partners requiring Partner Center portal access for driver submission, WHQL testing, and signed driver distribution through Windows Update.

Purchase & Pricing

1. Select Certificate Duration

1 Year
$349.00/yr
2 Years
$299.00/yr
Save 14%
3 Years
$249.00/yr
Save 29%
4 Years
$200.00/yr
Save 43%
5 Years
$149.00/yr
Save 57%

2. Select Key Storage & Delivery (optional)

eSigner Cloud Signing

Sign anywhere using eSigner.com. No hardware required.
+ Subscription

YubiKey

Physical Token
+ $279.00
YubiKey Quantity $279 each

YubiKey & EV certificates: YubiKey tokens are fully suitable for OV code signing. If you require EV code signing, particularly for kernel-mode driver signing (Microsoft HLK), a YubiKey may not meet those requirements. Contact us to discuss EV-compatible token options.

Standard

3ā€“5 business days after validation (Continental US)

Express + $329.00

1 day after validation

Bring Your own Cloud HSM

Self-managed infrastructure
+ Starting at $500.00

SSL.com must attest your key to your chosen provider before issuing the certificate. This fee is a one-time charge per order.

AWS CloudHSM
Attestation Fee
$1,500
Google Cloud HSM
Attestation Fee
$1,500
Azure Dedicated HSM
Attestation Fee
$500.00

Looking for a simpler option? SSL.com eSigner for Code provides cloud-based signing with no HSM to provision, no attestation fee, and a lower total cost for most teams.

Bring your own on-premises HSM

SSL performs an attestation ceremony for your compliant on-premises HSM.
+ Custom Pricing

Please contact sales.

3. Validation Speed (optional)

Choose how quickly your organization or identity is validated before your certificate is issued.

Standard

3ā€“5 day validation Ā· 2ā€“3 day US shipping Validation completed after all agreements, entity info submitted, and a successful callback to a listed phone number. Included

Expedited

2 business day validation Ā· overnight US delivery 2 business days priority validation from first complete submission and callback. Token shipped overnight in continental US. +$599.00

Order Summary

ProductEV Code Signing
Term1 year
Rate$349.00/yr
Savingsā€”
Key storageā€”
Signing subscriptionā€”
ValidationStandard
Validation feeIncluded
Total $349.00

How EV code signing works with eSigner cloud HSM

1: Purchase

Select EV duration and complete your order.

2: Organization & EV validation

SSL.com validates your organization identity using extended validation procedures.

3: Certificate issued

Certificate issued with your verified organization details. Must be stored on a FIPS 140-2 validated hardware token or cloud HSM.

4: Sign your code

Use signtool.exe with your hardware token.

5: Timestamp

Always timestamp at signing: EV signed code remains trusted permanently with a valid timestamp.

Compliance & Standards

CA/B Forum EV Code Signing Requirements

Issued under current CA/Browser Forum Extended Validation Code Signing Baseline Requirements with all ballot resolutions applied. FIPS 140-2 Level 2+ hardware key protection required by EV policy.

Microsoft Authenticode (EV)

Required for kernel-mode driver signing on Windows 10 and Windows 11, and provides the strongest verified publisher identity signal for Microsoft SmartScreen reputation across Authenticode.

Windows Hardware Dev Center

EV certificate required for Microsoft Partner Center portal access, WHQL driver submission, and driver distribution through Windows Update under your organization’s verified publisher identity.

WebTrust for Code Signing BR

SSL.com is audited annually by BDO under WebTrust for Code Signing Baseline Requirements (including EV code signing): continuous independent assurance required by Microsoft root program policy.

Frequently asked questions

CA/B Forum EV requirements mandate that EV private keys be stored in a FIPS 140-2 Level 2 validated HSM. A cloud HSM satisfies this requirement without physical hardware.

Microsoft SmartScreen reputation builds over time for both OV and EV certificates: each new build accumulates reputation based on clean-install download volume. EV still offers stronger trust signals: your organization name is displayed as verified publisher in SmartScreen prompts, and EV is required for kernel-mode driver signing. Note: since 2024, Microsoft no longer grants EV-signed binaries immediate SmartScreen reputation on first download.

No: if you timestamp at signing time, the signature remains valid indefinitely even after the certificate expires.

Yes: Microsoft requires an EV code signing certificate for Windows 10 kernel-mode drivers. No other certificate type qualifies.

Ready to get EV Code Signing?

Verified publisher identity, kernel-mode driver signing, and full organization validation: the highest trust code signing available.
Configure & Buy

Related Products

IV Code Signing

Individual Validated code signing: your verified personal name on the installer. No business entity required; the lowest-cost path to Authenticode signing for solo developers.
Learn more

OV Code Signing

Organization Validated code signing: your company’s verified legal name on every installer without the EV hardware-token or driver-signing requirements. Ideal for general Windows software distribution.
Learn more

Sole Proprietor EV

EV-level trust for sole proprietors and individual developers without a registered business entity: same hardware-backed keys, same SmartScreen reputation, same kernel-mode driver eligibility.
Learn more

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information read ourĀ Cookie and privacy statement.

3rd Party Cookies

This website uses Google Analytics & Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Show details
Powered by  GDPR Cookie Compliance