Everything you need to know about renewing your Code Signing Certificate

Code Signing Certificates have a shelf life of 1-3 years, which means they'll need to be renewed if you want to keep the code you write protected following their expiration.

The good news is this is a very simple process.

To renew your Code Signing Certificate, simply re-purchase it from the Code Signing Provider you bought it from. Now, and this is important, you're going to want to renew before the certificate actually expires. The reasons for this are two-fold.

First of all, you don't want your protection to lapse. That would leave your un-timestamped software insecure – meaning that it will flag as having an unknown author – and that's going to end up costing you money. Not to mention, it can take a few days to issue the certificate so you may be without the ability to sign & distribute for as long as a week.

Second, if you renew before the certificate expires you don't have to go through the entire validation process again. You can roll some of it over and just deal with a few requirements instead of the entire process. If you renew after the certificate has expired though, you're really not renewing at all, you're purchasing a new one and the CA is going to make you go through every step of the validation process again.

Now, the last thing to remember is that your job is not done simply because you've renewed your certificate. The CA still has to issue you a new certificate and you still have to install it. Don't make the mistake of thinking the job is done just because you renewed—that will leave your software without protection when your old certificate expires. Remember to install your new certificate and you'll be good to go! For instructions on how to sign your code, click here.