If you are building software for Windows that you want to distribute, then you want it to be trusted by your customers systems. The surest way to do that is with code signing. The strongest code signing comes from an Extended Validation or EV Certificate. The only difference between a plain cert and an EV cert is the processes required to obtain it from the certificate authority. An EV cert requires a much more extensive check of the requestor. One of the requirements is that you have your entire code signing process audited by a qualified person. Our Certified Information Systems Security Professionals (CISSP) are qualified and experienced in the audit required to help you obtain your EV certificate.
Your certificate authority wants to ensure the private key is only stored in a Hardware Security Module (HSM) and they want to ensure that you are not doing anything to compromise the security or integrity of the digital certificate.
Whether you are storing the certificate in an on-premise HSM or in Azure Key Vault or AWS CloudHSM, we can help.
We can provide the letter for any of the digital Certificate Authority (CA) vendors. They include Digicert, Certum, Comodo, Digicert, Entrust, GlobalSign, and Symantec.
What you can expect with an Extended Validation (EV) Code Signing compliance letter project:
- One-time, low, fixed fee.
- Initial sharing of documentation by you on the technology used in your signing solution.
- One-hour onboarding call where you explain your architecture and signing solution.
- A short turn around where our team researches aspects of your solution.
- A few additional questions of follow up.
- A signed audit letter by a qualified CISSP -OR- findings of what if anything needs to be changed in your process or architecture.
- Up to three retries if anything in your process is non-compliant.
- Confirmation call with the Certificate Authority (CA) to verify the content of the letter.
If you would like to learn more about our EV Code Signing letter by a CISSP, contact us today.
- 452 views