Knowledge Base
How to Enroll a Code Signing Certificate in SCM?
Overview
Code Signing Certificates are used to digitally sign software, ensuring authenticity and integrity. By the end of this article, you will have enrolled a Code Signing Certificate in Sectigo Certificate Manager (SCM) and delivered it to a certificate requester. The workflow involves five steps: create a Certificate Profile, delegate that profile to your organization, build an Enrollment Form, send an Enrollment Invitation, and complete enrollment by submitting a Certificate Signing Request (CSR). The procedure uses the Master Registration Authority Officer (MRAO) role and supports both Organization Validation (OV) and Extended Validation (EV) templates.
Prerequisites
-
Access to Sectigo Certificate Manager (SCM) with administrator privileges.
-
A configured Code Signing Certificate Profile.
-
A Certificate Signing Request (CSR) generated in Privacy-Enhanced Mail (PEM) format.
-
If required, Key Attestation enabled by Sectigo Support.
Step 1: Create a Certificate Profile
-
Log in to Sectigo Certificate Manager (SCM) as an administrator with the Master Registration Authority Officer (MRAO) role.
-
Navigate to Enrollment > Certificate Profiles.
-
Click Add to create a new profile.
-
Complete the fields: Name, Certificate Authority (CA) Backend, Certificate Type (Code Signing Certificate), Template (Organization Validation [OV] or Extended Validation [EV]), Terms (validity period).
-
Click Save.
Step 2: Delegate Profile to Organization
-
Navigate to Organization > Certificate Settings.
-
Enable Code Signing Certificates.
-
Assign the Certificate Profile created in Step 1 to your organization.
Step 3: Create an Enrollment Form
-
Navigate to Enrollment > Enrollment Forms.
-
Click Add (+) to create a new form.
-
Configure: Type (Code Signing Certificate Enrollment Form), Generate Uniform Resource Locator (URL) Extension, Authentication (Email Confirmation or Secret ID).
-
Click Save.
-
Add the form to an account: Select the form -> Accounts -> Add (+), provide account details, assign certificate profiles.
Step 4: Send Enrollment Invitation
-
Navigate to Certificates > Code Signing Certificates.
-
Click Invitations -> Add (+).
-
Enter: email of the certificate requester, Enrollment Endpoint (the Enrollment Form created in Step 3), Account associated with that endpoint.
-
Click Send.
Step 5: Complete Enrollment
-
The certificate requester (the recipient of the invitation sent in Step 4) opens the email and clicks the enrollment link.
-
The requester fills in: Certificate Email (Subject Alternative Name [SAN]), First Name / Last Name, Certificate Term.
-
The requester uploads a Certificate Signing Request (CSR) in Privacy-Enhanced Mail (PEM) format and a Key Attestation file (if required).
-
The requester submits the form.
Best Practices
-
Ensure the Certificate Signing Request (CSR) matches the Certificate Profile requirements.
-
Use strong authentication for enrollment forms.
-
For Extended Validation (EV) Code Signing, verify organization details before submission.
References
-
-
Understanding Enrollment Forms: https://docs.sectigo.com/scm/scm-administrator/understanding-enrollment-forms
-
Understanding Certificate Profiles: https://docs.sectigo.com/scm/scm-administrator/understanding-certificate-profiles
-
Understanding Code Signing Certificates: https://docs.sectigo.com/scm/scm-administrator/understanding-code-signing-certificates
-
Managing Code Signing Certificates: https://docs.sectigo.com/scm/scm-administrator/managing-code-signing-certificates
Similar Questions
-
How do I request a Code Signing Certificate in Sectigo Certificate Manager (SCM)?
-
What are the steps to issue a Code Signing Certificate to a developer or vendor?
-
How do I set up a Code Signing Certificate Profile and enrollment form in SCM?
-
How do I send a Code Signing Certificate enrollment invitation?
-
How do I enroll for an Organization Validation (OV) or Extended Validation (EV) Code Signing Certificate?
-
Need assistance?
Contact our team for help with your purchase or issuing your certificate.