Sign code from your CI/CD pipeline — no hardware token required

eSigner for Code is SSL's cloud HSM-backed code signing service. Sign Windows executables, drivers, installers, and scripts directly from GitHub Actions, Jenkins, Azure DevOps, and other CI/CD platforms — using an EV-level cloud HSM, without shipping hardware tokens to build servers or developers.

Get eSigner for Code See integration guides
No USB token needed No shipping. No management. SSL Cloud HSM FIPS 140-2 validated Private key never leaves the HSM CI/CD PLATFORMS GitHub Actions Jenkins GitLab CI Azure DevOps CircleCI TeamCity CI/CD PIPELINE git push repository build artifact eSigner CKA Sign via SSL.com cloud HSM release artifact Signed & trusted Authenticode verified

Two eSigner products — make sure you're in the right place

eSigner for CodeeSigner for Documents
What it signsExecutables, drivers, installers, scriptsPDFs, contracts, official documents
How you use itCI/CD pipeline via eSigner CKAeSigner Express web app or CSC API
Certificate requiredCode Signing (IV, OV, or EV)Document Signing (IV, OV, or IV+OV)
You’re here if…You’re a developer or DevOps engineer signing software releases ✅Go to eSigner for Documents →

What is eSigner for Code?

Traditional EV Code Signing requires a physical USB hardware token — a problem for modern CI/CD pipelines. eSigner for Code solves this by hosting your private key in SSL’s FIPS 140-2 validated cloud HSM. You sign code via SSL’s signing API or the eSigner CKA (Crypto Key Adapter), which integrates directly with standard signing tools like signtool.exe.

eSigner for Code enables:

EV signing without hardware

Cloud HSM satisfies CA/B Forum EV requirements — sign with EV certificates in headless build environments, no USB token.

CI/CD native integration

eSigner CKA integrates with signtool.exe — works in any pipeline that supports standard Windows signing.

Authenticode-compatible formats

.exe, .dll, .msi, .cab, .sys, .ps1, and more — any format accepted by the Windows Authenticode toolchain.

Automated headless signing

Sign in fully automated build environments without user interaction — private key never leaves SSL's cloud HSM.

Key Benefits

No hardware token required

Private key stored in SSL's cloud HSM — no USB tokens, no shipping, no token management.

CI/CD native

eSigner CKA integrates with signtool.exe — works in any pipeline that supports standard Windows signing.

EV-grade signing in automation

Cloud HSM satisfies CA/B Forum EV requirements — sign with EV certificates in headless environments.

FIPS 140-2 validated HSM

Keys stored in a FIPS 140-2 validated cloud HSM operated by SSL.

Sign from anywhere

Sign from any internet-connected build environment — cloud, on-premises, or hybrid.

Any Authenticode-compatible format

.exe, .dll, .msi, .cab, .sys, .ps1, and more — all formats accepted by signtool.exe.

CI/CD Integrations

eSigner CKA is compatible with all major CI/CD platforms that support signtool.exe or standard signing APIs:

PlatformIntegration methodKB article
GitHub ActionseSigner CKA + signtool.exe in workflowCloud Code Signing Integration with GitHub Actions
JenkinseSigner CKA in build stepCloud Code Signing Integration with Jenkins CI
Azure DevOpseSigner CKA as pipeline taskAzure DevOps Cloud Signing Integration Guide
CircleCIeSigner CKA in orb or stepCloud Code Signing Integration with CircleCI
GitLab CIeSigner CKA in runnerCloud Code Signing Integration with GitLab CI
TeamCityeSigner CKA in build configurationHow to Integrate eSigner CKA with CI/CD Tools
Custom scriptsCSC API for direct REST integrationCloud Code Signing Automation · Automate EV Code Signing with signtool.exe

How It Works

1 — Purchase certificate

Buy an IV, OV, or EV code signing certificate from SSL.

2 — Enroll in eSigner

Enroll your certificate in the eSigner cloud signing service — a separate subscription.

3 — Install eSigner CKA

Install the eSigner CKA (Crypto Key Adapter) on your build server or in your CI/CD environment.

4 — Configure pipeline

Add a signing step to your CI/CD pipeline using signtool.exe with the eSigner CKA.

5 — Sign automatically

Every build triggers a signing request — private key never leaves SSL's cloud HSM.

Purchase & Pricing

1. Select Code Signing Certificate

IV Code Signing
$129.00/yr
OV Code Signing
$129.00/yr
EV Code Signing
$349.00/yr
EV Sole Proprietor Code Signing
$359.00/yr

2. Select Key Storage & Delivery

eSigner Cloud Signing

Sign anywhere using eSigner.com. No hardware required.
+ Subscription
Monthly Annually (save over 25% monthly)
Select eSigner Tier
Tier 1$15.00/mo
240 Signings
1 Credential
Tier 2$63.75/mo
1,200 Signings
5 Credentials
Tier 3$131.25/mo
3,600 Signings
9 Credentials
Tier 4$187.50/mo
12,000 Signings
13 Credentials

Select the monthly or annual signature volume tier. Any unused signatures will roll over into the next month or year if there is an active certificate. Each tier provides a certain number of included credentials which are pre-selected based on the selected tier. Extra credentials can be purchased at $20 per month. New certificates will receive 30-days free of eSigner cloud signing. After the first 30 days, your monthly or annual subscription fees will be applied. For multi-year subscription discounts, high-volume signature packages and custom solutions, please contact sales.

3. Validation Speed (optional)

Choose how quickly your organization or identity is validated before your certificate is issued.

Standard

3ā€“5 day validation Ā· 2ā€“3 day US shipping Validation completed after all agreements, entity info submitted, and a successful callback to a listed phone number. International shipping tracked; delivery subject to customs. Included

Expedited

2 business day validation Ā· overnight US delivery 2 business days priority validation from first complete submission and callback. Token shipped overnight in continental US. +$599.00

Order Summary

ProductOV Code Signing
Term2 years
Rate$116.00/yr
Savingsā€”
Signing methodeSigner Cloud Signing
Signing subscription$15.00/mo
ValidationStandard
Validation feeIncluded
Total $1,464.00
+ eSigner Cloud Signing - Tier 1 Subscription - $15.00/mo

Compliance & Standards

CA/B Forum EV Code Signing

Cloud HSM satisfies FIPS 140-2 requirement for EV private key storage — accepted by all major CAs.

FIPS 140-2

SSL's cloud HSM is FIPS 140-2 validated. Keys generated and stored in certified hardware, never exported in plaintext.

CSC API

SSL implements the Cloud Signature Consortium API for programmatic signing integration and enterprise automation.

Frequently asked questions

Yes — eSigner is a signing service that works with a code signing certificate. You purchase the certificate (IV, OV, or EV) first, then enroll it in eSigner separately.

Yes — this is a primary use case. eSigner's cloud HSM satisfies the FIPS 140-2 hardware requirement for EV private key storage, so you get full EV-grade trust without a physical USB token.

eSigner CKA is a Windows component that wraps signtool.exe. For Linux-based signing, use the eSigner CSC API directly. Contact SSL for guidance on cross-platform signing workflows.

No — you want eSigner for Documents. It supports PDF signing via the eSigner Express web app and high-volume automated signing via eSealing.

IV (Individual Validated), OV (Organization Validated), and EV (Extended Validation) code signing certificates from SSL are all compatible. EV is the most common choice for CI/CD pipelines as it provides instant SmartScreen reputation.

Ready to sign code from your pipeline?

Get eSigner for Code — no hardware token required. Works with IV, OV, and EV code signing certificates from SSL.
View eSigner pricing

Related products

EV Code Signing

Instant SmartScreen reputation and kernel-mode driver signing — most commonly used with eSigner for Code.

Learn more

OV Code Signing

Organization-validated code signing compatible with eSigner for Code — ideal for standard software distribution.

Learn more

eSigner for Documents

Sign PDFs, contracts, and official documents via eSigner Express or automate at scale with eSealing.

Learn more

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information read ourĀ Cookie and privacy statement.

3rd Party Cookies

This website uses Google Analytics & Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Show details
Powered by  GDPR Cookie Compliance