Update June 2024
Until further notice, Code Signing certificate renewals are not working. If you need to renew a Code Signing certificate, please request a new one.
As from April 2022, Openprovider additionally offers the following certificates:
S/MIME Personal
S/MIME PRO
Code Signing
Code Signing EV
Please find below details about validation, ordering and delivery processes.
How to order new certificates
New certificates can be ordered the same way like other certificates that we have in our offer: through Reseller Control Panel and our public API
1. Login to your Reseller Control Panel and click on “New certificate” in the main dashboard:
2. You will be redirected to a new page where you can choose the “Other certificates” category for SMIME and Code Signing:
3. Please select the certificate you wish to order and click “Order Now”
You will be presented with a screen where you can select options such as auto renewal or subscription period:
5. Once you choose your preferred options, click Order and you will be taken to the order details page:
6. In order to request a certificate, you have to provide customers details and generate CSR:
IMPORTANT:
The email address you provide on the below screen is the one that will be used for validation and certificate delivery, for example: yourname@domain.com.
The only validation option for SMIME and Code Signing certificates is email validation and the applicant's/certificate user email address must be used.
When generating the CSR for Code Signing please choose 4096bit key size.
For SMIME, 2048bit key size is required.
NOTE:
For Code Signing certificate the field General domain is removed and for common name the Organization name will be used (it will match your company name)
7. Once you generate the CSR, click on Request and the order will be sent to CA. Depending on the selected certificate, the validation can take from 15 minutes to a few business days.
The email address used for validation will be visible under the generated CSR.
When transacting through API, you should use the following ProductId when requesting a specific certificate:
Code Signing - 58
Code Signing EV - 59
S/MIME Personal - 60
S/MIME Pro - 61
Validation process
Depending on the certificate type, the validation process will differ and it will be as follows:
S/MIME Personal it is very simple - when ordering the certificate, you are obligated to provide an email address that will be used with the certificate.
After the certificate is requested, you will receive an email message with a link to validate ownership of the email address.
Once you do that, the certificate will be downloadable from the same website used for validation. The whole process takes up to 15 minutes and it is pretty much fully automated.
S/MIME PRO - When ordering the certificate, you are obligated to provide an email address that will be used with the certificate.
These certificates follow standard OV validation steps and it can take up to 24 - 72h to be validated and issued. Once the validation is completed, you will receive an email with a link to download the certificate, similar to the Personal variant of S/MIME.
Code Signing validation process is similar to OV certificates validation - When ordering the certificate, you are obligated to provide an email address that will be used with the certificate.
CA will validate the company and details such as operational existence, physical existence, business phone number, government-issued ID of the requestor and authenticity of the order (which is a callback from CA using the provided business email address).
Once the validation is completed, you will receive an email to confirm ownership of the email address.
Afterwards the certificate can be downloaded from the dedicated link provided by Sectigo.
Code Signing EV - When ordering the certificate, you are obligated to provide an email address that will be used with the certificate.
Validation process is similar to EV certificates validation (CA validates your organization details but also applicants ID documents) and it can take between 1 to 5 business days to validate the certificate.
The biggest difference between standard Code Signing and EV variant is that you receive a EV Code Signing certificate and key to the address used during the enrollment process.Yes, the EV Code Signing certificate is physically mailed to you using a mail carrier such as FedEx or UPS. This is because of the security requirements that dictate all EV Code Signing private keys be kept off the device to ensure maximum security.
The delivery time usually takes up to 2 weeks. You can find more details on the process in Sectigo’s Knowledge Base
NOTE: For all above certificates the only validation method in e-mail. Neither files based validation nor DNS validation is possible. In addition all certificates require a domain name and a CSR.