Just like SSL, Code Signing certificates expire and need to be replaced. After your code signing certificate expires you will not be able to sign any new code. The good news is that your previously signed and timestamped code will still have a valid signature after the certificate expires.
You must renew the certificate if you need to apply new signatures to new or changed code, i.e. version updates, patches, etc. You should plan to start the renewal process for your Code Signing certificate early, before your current certificate expires. In many cases, renewing a Code Signing Certificate does require re-validation of the information on the certificate, which can take a few days to complete.
Be prepared to re-submit your photo ID for Individual Validation (IV) and Organization Validation (OV) Code Signing Certificates. You may also need to do another phone call with the Certificate Authority to finish the verification process.
How to Renew Your Code Signing Certificate
ComodoSSLStore sends email reminders when it's getting close to time to renew your Code Signing certificate. You can purchase another certificate through the email reminders, or you can simply purchase the product you need directly on our website.
Renewing a certificate is the same as buying a new one. After purchasing, you will receive a blank certificate that you can generate with the required information for your Code Signing certificate request.
For Organization Validation certificates, please make sure to submit the legal registration details for the organization. If any information has changed, such as physical address of the company, this information must be verified through approved third-party websites such as Dun and Bradstreet or Yellow Pages.
Purchase a new Code Signing certificate order on your account. You can purchase through our renewal reminder emails, or you can add the product to your cart from the storefront page.
After purchasing, you will generate the certificate on your account. You can either use Internet Explorer to create the certificate via web browser, or you can submit a CSR that you have created on your server.
Generate Code Signing with Internet Explorer
You may need to help Comodo re-validate your organization details, including a verification phone call. In some cases, this process can be completed very quickly based on the previous order's validation.
Once the certificate is validated, you will receive an email from Comodo with a link to download your new certificate. If you used the Internet Explorer method to create the certificate, you must use Internet Explorer to collect the file from the link. Otherwise, if you used the Manual CSR method, we recommend using Chrome or Edge to download the certificate.
5. Create the PFX
If you used the Internet Explorer method to generate and collect your certificate, you should be able to export the PFX file directly from Internet Explorer's certificate store.
If you used the Manual CSR method, you will need to use a certificate utility to combine the certificate with its private key to create the PFX.
Once you have your Code Signing PFX file, you can start signing code again.
Renewing EV Code Signing Certificates
Renewing an EV Code Signing certificate is also the same as buying a new one. These certificates are issued on physical USB tokens that must be replaced after the certificate expires. After completing the Extended Validation process with the CA, they will mail you a new USB token to use in place of the expired one.