Certum Cloud CODE signing - FAQ
Information on signing SW using CODE Signing certificates secured via of the SSLmentor project.
CODE signing with Cloud Code certificates
How many times can I use CODE certificate?
It is possible to sign an unlimited number of codes for the entire period of validity with one limitation.
CA Certum has a note on its website: "Please be advised that for Code Signing in the Cloud products, there is a limit of 5000 signings per month per certificate. Exceeding this limit may result in reaching out to you to inform about the exceedance and potential product blockage in the month the limit is surpassed. We appreciate your understanding and adherence to the specified limitations."
What are the additional costs?
There are no additional costs. You no longer pay anything to the certification authority and use the CODE certificate for the entire period of validity.
Is it possible to have the certificate connected non-stop?
No, it is not possible. SimplySign Desktop has an active secure connection established for 2 hours. A new token must then be generated in SimplySign App.
What is the difference between a PFX file and a cloud certificate?
From the summer of 2023, it is not possible to issue exportable CODE certificates and it is therefore no longer possible to have a certificate in an encrypted PFX file. Certum Cloud Code Signing certificate connects to PC using SimplySign Desktop an application that emulates a crypto card with a certificate located in the cloud. A big advantage is that you don't have to worry about keeping a USB token or card, you can do everything online.
SimplySign Mobile Application
SimplySign App on another mobile phone
If you need to change your mobile phone for the SimplySign App, you need to ask CA Certum (contact) for a new QR code to activate the app.
Please send a new activation request to CA Certum. The order number is required! You can find it in the order details in the Control Panel. ID Order format 12345678-9abc-12a3-a5dc-1a234567bcd.
Can I have SimplySign App on multiple phones?
Yes, we have tested and use the SimplySign app on 2 mobile phones. If you save the activation QR code safely, you can use it to activate SimplySign on another mobile phone as well. Please note that the activation QR code allows full access to your CODE certificate and must be stored safely!
QR code to activate SimplySign is not displayed
The SimplySign activation QR code is displayed after successfully entering the password sent. If you do not see the QR code, try a different browser. For example Edge or FireFox. You may have some extensions in your browser that prevent the QR code from being displayed.
Can I sign VBA Macros?
YES. Using the Cloud CODE signing certificate also allows you to sign created macros. You can sign XLMS files.
Can I sign my applications with ClickOnce?
YES. ClickOnce allows you to create auto-updating Windows applications. In case SimplySign Desktop is not actively connected to the certificate, the login window for inserting the token from SimplySign App is activated and after successful connection, signing is started.
Can I use the CODE certificate with CI/CD tools?
CI/CD tools help developers quickly build, test, and deploy application updates through automated channels. Before ordering a CODE signing certificate from CA Certum, it is necessary to consider the deployment procedures and whether the "restriction" of the length of the 2-hour window is sufficient for signing. We always recommend going through the entire signing workflow and then deciding whether to buy the certificate. Unfortunately, a CODE certificate for testing cannot be provided.
Can I get a CODE certificate as an individual person?
Yes, it is possible. Requesting a certificate for a private person requires proof of identity and proof of address from the certificate details. The address can be documented, for example, by an invoice for energy, a telephone, or an official confirmation of the address in the document.
Why are your prices so low?
Yes, we could make them more expensive, but we don't want to. Our customers include many software companies and developers. We have a long-term partnership with CA Certum and sell a large number of CODE certificates. Our goal is to offer developers quality products at favorable prices. We believe that every developer should have access to a CODE certificate at a reasonable price, and CA Certum's CODE certificates fulfill this perfectly compared to Sectigo or DigiCert.
SignTool Errors found
SignTool Error: No certificates were found that met all the given criteria
An error that occurs exceptionally for some customers with SimplySign Desktop version (December 2023) installed.
The solution is to install using a file with the .MSI extension.
SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr
Dual-sign SHA256 and SHA1 with time server http://time.certum.pl/ ends with an error "SignTool Error: The /t option is incompatible with the /as option" and "SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr".
Based on customer experience, DigiCert's time server works for dual-sign signing http://timestamp.digicert.com/.
sign /n "CODE cert" /t http://timestamp.digicert.com/ /fd sha1 /v test.exe
sign /n "CODE cert" /tr http://timestamp.digicert.com /fd sha256 /as /v test.exe
SignTool Error: There was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded.
The issue arises because Microsoft Office uses SHA-1 as the default hashing algorithm for signing VBA projects (Excel or Visio), but modern certificates (like those using SHA-256) are not compatible with this default setting.
To resolve this:
1. Open the Windows Registry Editor (regedit)
2. Navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Security
If the Security key doesn't exist, create it.
3. Add a new DWORD (32-bit) Value named V1HashEnhanced
4. Set its value to:
2 for SHA-256 (recommended),
3 for SHA-384,
or 4 for SHA-512
5. Restart Excel and try signing the VBA project again.
This configuration ensures compatibility with certificates using stronger hashing algorithms like SHA-256.
SHA2 support in Windows operating system
Microsoft has started the migration and update process to support SHA-2 since 2019.
It publishes an overview of the information on the page SHA-2 Code Signing Support requirement for Windows and WSUS.
Back to Help
Found an error or don't understand something? Write us!