Just like SSL certificates, Code Signing certificates expire and need to be replaced. After your code signing certificate expires you will not be able to sign any new code. The good news is that your previously signed and timestamped code will still have a valid signature after the certificate expires.
You must renew the certificate if you need to apply new signatures to new or changed code, e.g. version updates, patches, etc. You should plan to start the renewal process for your Code Signing certificate early, before your current certificate expires. In many cases, renewing a Code Signing Certificate requires re-validation of the information on the certificate, which can take a few days to complete.
How to Renew Your Code Signing Certificate
RapidSSLOnline sends email reminders when it's getting close to the time to renew your Code Signing certificate. You can purchase another certificate through the email reminders, or you can simply purchase the product you need directly on our website.
Renewing a certificate is the same as buying a new one. After purchasing, you will receive a blank certificate, which you then generate by supplying the required information for your Code Signing certificate request.
Purchase a new Code Signing certificate order on your account. You can purchase through our renewal reminder emails, or you can add the product to your cart from the storefront page.
After purchasing, you will generate the certificate on your account. We recommend using the DigiCert Certificate Utility to create your Certificate Signing Request (CSR).
Related Article: How to Generate Code Signing CSR Using DigiCert Certificate Utility
You may need to help DigiCert re-validate your organization details, including a verification phone call. In some cases, this process can be completed very quickly based on the previous order's validation.
Related Article: How to Complete Organization Validation for DigiCert Code Signing
Once the certificate is validated, you will receive an email from DigiCert with a link to download your new certificate. Simply select the certificate file from the drop-down menu and save the file to your system.
5. Create the PFX
You will need to create your Code Signing PFX file by combining the downloaded certificate with the matching private key. If you used the DigiCert Certificate Utility to create the CSR, you can simply import the certificate file into the utility to pair it with the key, and then export the PFX file.
Related Article: Create PFX with DigiCert Certificate Utility
Once you have your Code Signing PFX file, you can start signing code again.
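If the CSR and private key were created with OpenSSL rather than the DigiCert Certificate Utility, the pairing in step 5 can be done on the command line. The script below is an added example, not part of the original article or DigiCert's tooling; it refuses to build the PFX unless the certificate and key share a public key. The file names, the PFX_PASS variable and the throwaway self-signed certificate are assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original article): build a code signing PFX with
# OpenSSL, refusing when the certificate and private key do not belong together.
set -eu

cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }   # public key inside a PEM certificate
key_pubkey()  { openssl pkey -in "$1" -pubout; }          # public key derived from a PEM private key

# make_pfx CERT KEY OUT
# The export password is read from the PFX_PASS environment variable (an assumed
# name), so it never appears on the command line or in shell history.
make_pfx() {
    _c=$(cert_pubkey "$1") || return 1
    _k=$(key_pubkey "$2") || return 1
    if [ -z "$_c" ] || [ "$_c" != "$_k" ]; then
        echo "certificate and private key do not match; PFX not created" >&2
        return 1
    fi
    # umask 077 keeps the PFX, which contains the private key, owner-readable only.
    ( umask 077; openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASS )
}

# Public key of the certificate stored in a PFX, to confirm the export round-trips.
pfx_pubkey() {
    _pem=$(openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS) || return 1
    printf '%s\n' "$_pem" | openssl x509 -noout -pubkey
}

# --- Constructed sample material: throwaway self-signed certificate and keys ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
export PFX_PASS='constructed-demo-password'
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Demo Signer' \
    -keyout "$work/signer.key" -out "$work/signer.crt" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/other.key" 2>/dev/null

make_pfx "$work/signer.crt" "$work/signer.key" "$work/signer.pfx"
[ "$(pfx_pubkey "$work/signer.pfx")" = "$(cert_pubkey "$work/signer.crt")" ] \
    && echo "PFX holds the expected certificate"
make_pfx "$work/signer.crt" "$work/other.key" "$work/bad.pfx" || echo "mismatched key rejected"
```

With real files, replace the constructed section with a call to make_pfx on the downloaded certificate and the key that produced the CSR.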
Renewing EV Code Signing Certificates
Renewing an EV Code Signing certificate is also the same as buying a new one. These certificates are issued on physical USB tokens that must be replaced after the certificate expires. After you complete the Extended Validation process with the CA, they will mail you a new USB token to use in place of the expired one.