The EV Code Signing collection process is a lot different than the standard Code Signing process, but that’s because of the elevated security practices being used.
Not to worry however, as we’ll guide you through the process of the collecting the EV Code Signing so you can get on your way with signing your application!
Please Note: This guide is very text heavy as the process is quite different. Please read the entire guide verbatim to prevent any confusion or headaches along the way.
After completing the enrollment -process for your Extended Validation (EV) Code Signing the Certificate Authority will begin the vetting process. This vetting process is not that much different than the regular Extended Validation SSL process, so if you need a refresher please check our other Knowledge Base article on this.
Upon successful validation of the EV process, the Certificate Authority will mail your EV Code Signing certificate and key to the address used during the enrollment process. Yes, the EV Code Signing certificate is physically mailed to you using a mail carrier such as FedEx or UPS. This is because of the security requirements that dictate all EV Code Signing private keys be kept off the device to ensure maximum security.
What’s in the Package?
Depending upon your Certificate Authority, the package might be slightly different but contained inside the package should be the following items. An example of what these items look like can be seen on the right.
- Smart Card – This is the white credit card looking card with the chip in it.
- Smart Card Reader – This is the packaged item labeled “USB 2.0 Smart Card Reader”
- Letter from the Certificate Authority – This is the letter
Installing Safenet Authentication Client
For this part of the process, it is best to refer to the letter received by the Certificate Authority which will include a URL to access and install the required software: Safenet Authentication Client. Download and open the appropriate installer for the machine that you wish to use during the signing process.
Follow the installation process and once complete, please perform a reboot to ensure that the SafeNet Authentication client has been successfully installed. After successfully installing the Safenet Authentication Client software, follow the steps below to use your EV Code Signing.
Plugging in the Smart Card
Before plugging in the Smart Card Reader, open the newly installed Safenet Authentication Client software. Once opened, you are ready to plug in the Smart Card Reader with the Smart Card inserted. When the card is inserted the device should light up and alternate between blue and purple.
Once the card has been fully detected the device will default to a solid purple light, which means it has been registered and ready to be opened in SafeNet.
At this point, your SafeNet Authentication Client should detect the Smart Card and populate your card into the application as seen above.
Changing the Password
While it is not required, it is recommended that you choose to “Change Token Password,” which will open the interface to change the password for the token. Using the password received from the Certificate Authority in email format, input the existing password and input a new unique password that meets the security requirements of SafeNET.
Collecting the Certificates
To proceed with the collection of the certificate to sign your application, click the “Gear” icon which will change the interface so that it appears similar to the one below.
Once clicked the interface will show a sidebar with any available tokens and drop-downs. Proceed to click into the drop-downs until you reach your company’s specific certificate as seen in the example below.
At this point you’re ready to begin signing your application with your Extended Validation Code Signing certificate!