Knowledge Base

How to Enroll a Code Signing Certificate in SCM?

 

Overview 

Code Signing Certificates are used to digitally sign software, ensuring authenticity and integrity. By the end of this article, you will have enrolled a Code Signing Certificate in Sectigo Certificate Manager (SCM) and delivered it to a certificate requester. The workflow involves five steps: create a Certificate Profile, delegate that profile to your organization, build an Enrollment Form, send an Enrollment Invitation, and complete enrollment by submitting a Certificate Signing Request (CSR). The procedure uses the Master Registration Authority Officer (MRAO) role and supports both Organization Validation (OV) and Extended Validation (EV) templates. 

Prerequisites 

  • Access to Sectigo Certificate Manager (SCM) with administrator privileges. 

  • A configured Code Signing Certificate Profile. 

  • A Certificate Signing Request (CSR) generated in Privacy-Enhanced Mail (PEM) format. 

  • If required, Key Attestation enabled by Sectigo Support. 

Step 1: Create a Certificate Profile 

  1. Log in to Sectigo Certificate Manager (SCM) as an administrator with the Master Registration Authority Officer (MRAO) role. 

  1. Navigate to Enrollment > Certificate Profiles. 

  1. Click Add to create a new profile. 

  1. Complete the fields: Name, Certificate Authority (CA) Backend, Certificate Type (Code Signing Certificate), Template (Organization Validation [OV] or Extended Validation [EV]), Terms (validity period). 

  1. Click Save. 

Step 2: Delegate Profile to Organization 

  1. Navigate to Organization > Certificate Settings. 

  1. Enable Code Signing Certificates. 

  1. Assign the Certificate Profile created in Step 1 to your organization. 

Step 3: Create an Enrollment Form 

  1. Navigate to Enrollment > Enrollment Forms. 

  1. Click Add (+) to create a new form. 

  1. Configure: Type (Code Signing Certificate Enrollment Form), Generate Uniform Resource Locator (URL) Extension, Authentication (Email Confirmation or Secret ID). 

  1. Click Save. 

  1. Add the form to an account: Select the form -> Accounts -> Add (+), provide account details, assign certificate profiles. 

Step 4: Send Enrollment Invitation 

  1. Navigate to Certificates > Code Signing Certificates. 

  1. Click Invitations -> Add (+). 

  1. Enter: email of the certificate requester, Enrollment Endpoint (the Enrollment Form created in Step 3), Account associated with that endpoint. 

  1. Click Send. 

Step 5: Complete Enrollment 

  1. The certificate requester (the recipient of the invitation sent in Step 4) opens the email and clicks the enrollment link. 

  1. The requester fills in: Certificate Email (Subject Alternative Name [SAN]), First Name / Last Name, Certificate Term. 

  1. The requester uploads a Certificate Signing Request (CSR) in Privacy-Enhanced Mail (PEM) format and a Key Attestation file (if required). 

  1. The requester submits the form. 

Best Practices 

  • Ensure the Certificate Signing Request (CSR) matches the Certificate Profile requirements. 

  • Use strong authentication for enrollment forms. 

  • For Extended Validation (EV) Code Signing, verify organization details before submission. 

References  

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Call us today