Digital Signing for Application and Software Developers - In-Depth Guide and Resources

Written by Horatiu Vladasel · May 29th, 2024

A digital signature guarantees the authenticity of an electronic document or message. In the software industry, code signing provides an added layer of security and trust that you're using a code that comes from an original vendor and not a third-party that could have maliciously altered the code.

Code signing lets you know that the application hasn’t been tampered with since it was signed, and it’s safe to install and run on your machine.

What is a Code Signing Certificate

Find out what a code signing certificate is, about the role of a code signing certificate, the options you have when signing your software, and the problems you might encounter.


Code signing certificates and timestamp

When a digital signature is applied, using a timestamp is highly recommended. Timestamping ensures that a digital signature is still recognized as valid even after the digital certificate expires. Read our article to better understand what a digital signature timestamp is and why it is very important in application electronic signing.


Where can you get your code signing certificate from?

“Where can I purchase a certificate?” “What third party do you recommend?” To answer such questions, we put together a list of Digital Certificate providers that is far from comprehensive (and take notice that we don’t make any specific recommendations).


Trusted Signing and other cloud signing services

Advanced Installer is the first application packaging tool in the industry that provides built-in support for Trusted Signing. Learn how we integrated Azure Trusted Signing in all commercial editions, helping software publishers improve the cybersecurity of their end-users.


What are the User Account Control & SmartScreen Filter?

Learn what the User Account Control (UAC) alert center is and how to handle the “Do you want to allow this app from an unknown publisher to make changes to your device” alert message.


EV Code Signing vs Regular Code Signing

An extended discussion about the EV Code Signing Certificate (EV stands for Extended Validation), a more advanced method to code sign your certificates, and how it is different from a regular code signing technique, and what pricing you can expect for purchasing such a certificate.


What is a PFX Certificate and how to generate it?

In this article, we discuss what a PFX Certificate is, how to create one through different ways, and how to create a .pfx file from exporting a self-created certificate and its password. Let’s dive in!


Signing your code with a Microsoft SignTool certificate

Our guide takes you through the process of using SignTool, Microsoft's tool for creating your own self-signed certificate, needed to secure and authenticate a Windows application.


MSIX Digital Signing

In our dedicated article, we showcase the two main methods to digitally sign an MSIX package, plus one additional method used for internal company apps.


Furthermore, we gather all our resources on code signing an MSIX installer:

  1. Automating the Digital Signing Process of your MSIX Packages with MSIX Tweaker
  2. MSIX and Code Signing Certificates: What Developers Must Know
  3. Digital Signing section - MSIX Packaging Fundamentals ebook

Frequently Asked Questions about Digital Signature

We gathered a list of the most frequently asked questions regarding software digital signature and certificates.


Written by
See author's page
Horatiu Vladasel

Horatiu is a Software Packager/Sequencer with over 10 years experience, who has worked as a Software Packager at IBM and is currently offering software packaging services to companies such as BT or Nationwide.