How long is a code signing certificate valid?

Normally one year, but you may be able to order code signing certificates that lasts up to 5 years.

Is it necessary to resign apps or files after the code signing certificate has expired?

No, because together with your digital signature a timestamp is included and therefore the signature of a signed app or file never expires – even if your certificate itself expired already.

Do I have to resubmit an app to Intel AppUp after the code signing certificate expired?

As the signature of the app itself does not expire (see above), this is not necessary. Only if you want to release an update, you have to sign the app again and resubmit it afterwards.

How many apps or files can I sign with one code signing certificate?

There is no limit: you can sign any number of apps or files with just one code signing certificate.

What documents are needed to obtain a code signing certificate?

Depending on whether you request the code signing certificate as an individual person or a company, you may need an articles of incorporation or a business license. You should also be prepared that you may be asked for a copy of your phone bill. Then somebody will call you at the phone number stated on this bill to verify it is valid.

How to obtain a certificate and how to sign files?

Do you have more questions?
Just leave a comment and I’ll try my best to answer them.

But why is the digital signature of binary files so important?

If a binary file is digitally signed the user, who wants to execute the file, can make sure it is the original file and it was not modified in any way. Additionally Windows Vista and Windows 7 User Account Control displays

instead of this ugly message box:Beside that also app store systems like Intel AppUp require that your setups are being digitally signed.

To start you will first need a code signing certificate. If you are a developer in the Intel AppUp program, you get this directly from the AppUp developer website. Otherwise you can get cheap certificates from Comodo here: http://codesigning.ksoftware.net

After you have received your code signing certificate, you can use a small GUI application for signing binary files.

Or, if you don’t like GUI applications or want to include the signing into your build process, you can create a small batch file like this and just drag & drop the binary file that you want to sign on this batch file (or pass it as parameter):

signtool.exe sign /f "certificate.pfx" /p "password" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "%1"

Obviously you need to exchange certificate.pfx with the file name of your certificate (which should be placed in the same directory as the batch file and the file signtool.exe) and password with your certificate password that you have chosen while exporting it from your web browser. To get the file signtool.exe, you need to download the free Microsoft Windows SDK.

Here are some frequently asked questions on code signing certificates and digital signature.

Do you already digitally sign your binary files, too?