Different code signing certificate — dual-brand Microsoft designated

ZoTrus Technology selects two CAs from the six Microsoft-designated CAs for issuing EV code signing certificates that can be used to register for Windows Hardware Partner Center: Sectigo and SSL.com, to issue both regular code signing certificates and EV code signing certificates to users. ZoTrus Technology's founder has a 21-year partnership with Sectigo and a 10-year partnership with SSL.com. These long-standing collaborations ensure that users receive the highest quality original manufacturer services plus value-added services to meet their various code signing application needs.

Setigo
SSLcom
Microsoft Hardware Certification Designated CA
yes
yes
Microsoft Windows Trusted CA
yes
yes
Cloud Signing Service Preferred
To be activated
yes
UKey Local Signing Preferred
Yes, it is China made UKey delivered by SF Express from Shenzhen.
No (YubiKey, bulk signing is not supported)
Root CA certificate compatibility
Best (Old root since 2004)
Better (root since 2017)
Certificate Type
OV and EV code signing certificates
IV, OV, and EV code signing certificates
Free timestamp
Available at: http://timestamp.sectigo.com
Available at: http://ts.ssl.com
Identity Validation
CA checks business registration databases and provides Chinese telephone call verification.
CA checks business registration databases and provides Chinese telephone call verification.
Certificate issuance time
1-3 business days
1-2 business days
Certificate signing availability time
(UKey Local Signing)
After the certificate is issued, the UKey will be delivered from Shenzhen by SF Express within 24 hours.
If have YubiKey, users can import the certificate after it is issued and use it immediately.
Certificate signing availability time
(Cloud Signing Service)
Cloud signing service is available immediately after certificate issuance.
loud signing service is available immediately after certificate issuance.
Certificate availability status reminder
Email, WeChat
Email, WeChat
Choose one of the two options
When applying for a certificate, choose cloud signing or local signing.
When applying for a certificate, choose cloud signing or local signing; cloud signing is recommended.
Certificate Path (IV/OV)
code-Setigo
code-SSLcom
Certificate Path (EV)
code-Setigo
code-SSLcom

Code signing and code signing certificate basics

Code signing is a method of digitally signing files, programs, or software updates using X.509 certificates to ensure that the files or software have not been tampered with or corrupted. It provides users with an extra layer of protection, ensuring the software code is trustworthy and secure. Software developers digitally sign their software programs, applications, and drivers using code signing certificates to prevent unauthorized parties from tampering with or corrupting applications. Unsigned applications are easily modified to include malware or viruses; these untrusted applications display warning messages, leading to lower installation rates. Code signing certificates issued by CAs trusted by Windows can prevent all these problems.

Users can choose from three types of code signing certificates: IV Code Signing Certificate for personal, OV Code Signing Certificate for Organization, and EV Code Signing Certificate for Organization. The different uses of each certificate are shown in the table below. Please select the appropriate code signing certificate according to your needs. These certificates are used for digitally signing different types of code files, such as: .sys, .cat, .exe, .dll , .cab, .ocx , XML, .jar, .apk , .arx , .air, .airi , .xap , Office VBA , etc.

Functional requirements
EV code signing certificate
OV code signing certificate
IV code signing certificate
The operating system (Windows) allows installation
Microsoft Windows Hardware Driver Certification
Signed Windows 10 and later drivers
Signed pre-Windows 10 drivers (Win7/Win8)
Instantly gain Microsoft SmartScreen reputation
Suitable for individual software developers without a registered company

Given that quantum computing will be able to quickly crack digital signatures implemented using traditional cryptographic algorithms in the future, international standards organizations have set a timeline to shorten the validity period of code signing certificates to 450 days (one year and three months) since March 1, 2025. This means that from March 1, 2025, users will only be able to purchase one-year code signing certificates. The validity period of SSL certificates will also be shortened to 47 days, reflecting this trend towards shorter validity periods for code signing certificates. Therefore, it is recommended that users purchase code signing cloud services, where they don't need to worry about the validity period of the code signing certificate, but only need to purchase the required validity period of the code signing cloud service.