What is Code Signing and how does it work?
Code Signing certificates are digital signature certificates used to sign software such as executable files and scripts.
A signature made with a Code Signing certificate lets users verify that the code has not been tampered with by third parties since it was signed, and identifies the organization that issued the code.
To sign an executable, use the ActalisCodeSigner tool or compatible signing software.
Why should you use Code Signing?
Code Signing should be used to sign all your software, such as installation packages, dynamic libraries or apps.
What types of Code Signing certificates are there?
There are two types of Code Signing certificates:
- Organization Validated (OV). The Certification Authority (CA) verifies your organization: company details will be shown in the certificate.
- Extended Validated (EV). Only valid for Windows. Only Microsoft can authorize CAs to issue this type of certificate. Actalis is not authorized to issue this type of Code Signing certificate.
How to sign an executable using ActalisCodeSigner
ActalisCodeSigner is a command-line client you can use to sign executable files and scripts with the username and password linked to your Code Signing Certificate. It can be used on Windows and Linux.
It supports the following signing algorithms:
- MD5 and SHA1 (discontinued for security reasons in the most recent Java editions)
- SHA-256
ActalisCodeSigner does not require installation: to use it, extract the application archive to a system folder and run it from the command line. See the manual for the list of commands you can use.
When you launch a command, use the username and password for your Code Signing Certificate:
- following the -fu parameter, enter the username.
- following the -fp parameter, enter the password sent in the Certificate issue confirmation email, not the one sent for the .p12 file.
Do not use your web account user details.
If you are unable to sign in, read the documentation or open a support request.
Validity of Code Signing certificates
Starting from March 1, 2026, a new CAB Forum rule will come into force that reduces the duration of Code Signing certificates: the maximum permitted validity for Code Signing certificates will change from 39 months (approximately 3 years) to 460 days (approximately 15 months) for all publicly trusted certificates.
This means that:
- new certificates or renewals issued from March 1, 2026 will not be able to have a validity longer than 460 days;
- Code Signing certificates issued before March 1, 2026 with a longer validity will remain valid until their natural expiration date, even if they exceed 460 days.
For further details, please see the FAQs.
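An added example (not Actalis code and not part of the original page): a Python check of certificate validity dates against the 460-day rule described above, taking the text printed by `openssl x509 -noout -dates` as input. The sample dates are constructed, and measuring validity as notAfter minus notBefore is an assumption about how the limit is counted.

```python
from datetime import datetime, timedelta, timezone

# From the page: the rule applies from March 1, 2026, with a 460-day maximum.
RULE_START = datetime(2026, 3, 1, tzinfo=timezone.utc)
MAX_VALIDITY = timedelta(days=460)
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # date format of `openssl x509 -noout -dates`

# Constructed sample outputs (not real certificates).
OLD_CERT = "notBefore=Jun 10 00:00:00 2025 GMT\nnotAfter=Jun  9 23:59:59 2028 GMT"
NEW_OK = "notBefore=Mar  2 00:00:00 2026 GMT\nnotAfter=Jun  5 00:00:00 2027 GMT"
NEW_BAD = "notBefore=Mar  2 00:00:00 2026 GMT\nnotAfter=Mar  1 23:59:59 2029 GMT"


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes."""
    fields = dict(l.strip().split("=", 1) for l in text.strip().splitlines())

    def to_utc(value):
        return datetime.strptime(value, OPENSSL_FMT).replace(tzinfo=timezone.utc)

    return to_utc(fields["notBefore"]), to_utc(fields["notAfter"])


def classify(text):
    """Classify one certificate against the 460-day rule."""
    not_before, not_after = parse_dates(text)
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    validity = not_after - not_before  # assumption: plain difference of the fields
    if validity <= MAX_VALIDITY:
        return "within-limit"
    # Longer certificates issued before the rule start stay valid until expiry.
    return "grandfathered" if not_before < RULE_START else "too-long"


def latest_expiry(issued_at):
    """Latest notAfter the rule allows for a certificate issued at issued_at."""
    if issued_at < RULE_START:
        raise ValueError("the 460-day limit applies only from March 1, 2026")
    return issued_at + MAX_VALIDITY


if __name__ == "__main__":
    for name, sample in [("old", OLD_CERT), ("new-ok", NEW_OK), ("new-bad", NEW_BAD)]:
        print(name, classify(sample))
    print("latest expiry if issued on the rule start date:", latest_expiry(RULE_START))
```

Running the same check over every signing certificate in an inventory shows which ones will come up for renewal under the shorter limit, so build pipelines can plan for more frequent certificate replacement.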