Understanding code signing certificates

Code signing certificates are used to sign software and code to verify the identity of the publisher and ensure that the code has not been tampered with.

In addition to providing a centralized view of code signing certificates and certificate details, SCM enables appropriately privileged administrators to do the following:

  • Revoke certificates — Revoke code signing certificates.

  • Send enrollment invitations — Send code signing certificate self-enrollment invitations to users.

Code signing certificates can be managed on the Certificates  Code Signing Certificates page.

Code Signing Certificates page

The following table describes the settings and controls of the Code Signing Certificates page.

Column Description

ID

The unique numeric identifier of the certificate.

Status

The status of the certificate.

The possible values are:

  • Requested — The certificate request has been received in SCM and is awaiting approval.

  • Approved — The certificate request has been approved in SCM and is awaiting certificate authority (CA) issuance.

  • Applied — The certificate request is being processed by the CA.

  • Issued — The certificate has been issued.

  • Expired — The certificate has expired.

  • Declined — The certificate request has been declined by an administrator.

  • Rejected — The certificate request has been rejected by the CA because of one or more issues.

  • Revoked — The certificate has been revoked.

Order number

The unique identifier created by the issuing CA to represent the certificate request.

Certificate profile

The certificate profile used for the certificate request.

Sub type

The validation type of the certificate.

The possible values are:

  • OV — The certificate is validated by the CA against the organization.

  • EV — The certificate is validated by the CA against the legal, physical, and operational existence of the organization.

  • Private — The certificate was issued by a private CA.

Term

The validity period of the certificate.

Requested via

The method used to request the certificate or to bring it into SCM.

The possible values are:

  • Discovery — The certificate was discovered during a scan and brought into SCM for management.

  • Enrollment Form — The certificate was requested using an external enrollment form.

  • REST API — The certificate was requested using the REST API endpoint.

Organization

The organization that requested or has been issued the certificate.

Department

The department, if any, that requested or has been issued the certificate.

Name

The certificate requestor’s name.

Email

The certificate requestor’s email address.

Subject

The entity (such as an individual or organization) identified by the certificate, containing unique attributes that distinguish it from others.

Subject alt name

Additional names or attributes that identify the entity associated with the certificate. This can include alternative email addresses, organizational unit names, or other identifiers relevant to code-signing certificates.

Issuer

The name of the certificate and the issuing CA.

Expires

The date that the certificate expires.

Serial number

A unique serial number assigned to the certificate.

Key usage

The cryptographic operations that the certificate is valid for.

Extended key usage

Additional cryptographic operations that the certificate is valid for.

Key algorithm

The algorithm used to generate the key pair.

Key size / curve

The size of the key pair or the curve used to generate the key pair.

Signature algorithm

The algorithm used to sign the certificate.

MD5 hash

The MD5 hash (thumbprint/fingerprint) of the certificate.

SHA1 hash

The SHA1 hash (thumbprint/fingerprint) of the certificate.

Requested

The date that the certificate was requested.

Issued

The date that the certificate was issued.

Downloaded

The date that the certificate was downloaded.

Revoked

The date that the certificate was revoked.

Deleted

The date that the certificate entry was deleted.

HSM type

The type of hardware security module (HSM) used to store the certificate.

Shipping type

The shipping method used to deliver the certificate.

Custom fields

Depending on your configuration, various custom field columns may be available containing additional information about the certificate.

Table controls

Filter

Enables you to sort the table information using custom filters.

Group

Enables you to sort the table information using predefined groups.

Refresh

Refreshes the information presented in the table.

Download CSV

Downloads the table information as a .csv file.

Manage Columns

Enables you to select which table columns to display.

Admin controls

Invitations

Opens the Invitations dialog where you can invite users to request certificates through an external enrollment form.

Delete

Opens the Delete Certificate dialog where you can delete the certificate entry from SCM.

View

Opens the Code Signing Certificate page where you can view certificate details and perform various administrative tasks (such as downloading the certificate).

Revoke

Opens the Revocation Reason dialog where you can revoke the certificate.

View Audit

Opens the Certificate Audit page where you can view or download audit logs.

Enrollment methods

SCM supports the enrollment of code signing certificates using the following methods:

  • Self-Enrollment — Manually enroll code signing certificates using a self-enrollment form outside of SCM. For more information, see Understanding enrollment forms.

  • REST API — Enroll code signing certificates through the SCM REST API using a configured SCM REST API endpoint. For more information, see Understanding REST endpoints.

  • Admin API — Enroll code signing certificates through the SCM Admin API using a configured SCM API Admin. For more information, see Understanding administrators.

  • CA connector — Enroll code signing certificates through a third-party CA using a configured SCM CA connector. For more information, see Understanding CA connectors.