CODE SIGNING BEST PRACTICES

Best practices for managing the Code Signing process

We recommend that all Code Signing Certificate customers, and more specifically those involved in the code signing process (e.g. software developers), follow the best practices described below.

When you request a code signing certificate from Actalis it is assumed that you have read and understood these guidelines.

“Code” refers to any type of executable code (e.g. application, Java applet, software library, script, MS Office macro, etc.) that is subject to the Code Signing process.

  • Maximum certificate lifespan from September 1, 2020
    A major browser vendor recently announced that as of Sept. 1, 2020 it will no longer consider as valid and secure SSL certificates issued after this date with validity of more than 398 days (equal to one year + 1 month).
    For this reason, from August 3, 2020, SSL certificates issued by Actalis will have a maximum validity of one year, net of the notice period for renewal.
    Until August 3, 2020, however, SSL certificates with 24 months validity can still be purchased and activated as those activated before this date will still be considered valid until their expiry.
  • EIDAS certificates for PSD2
    The entry into force of the second European Payment Services Directive (PSD2) has triggered a revo­lution in the world of online payments. By mid-September 2019, the transactions between EU banks and third-party payment service providers (TPPs) must be secured by qualified certificates complying with the eIDAS regulation: qualified certificates for websites (QWAC) and/or qualified certificates for electronic seal (QSEalC) containing certain PSD2-related information about the Subject. If you need these certificates, please write to [email protected]