Shorter Maximum Life for Code Signing Certificates

Code signing certificates are used to attest that a binary is unmodified and came from a specific party. Computer systems can be set to give more trust to code signed by specific entities. The maximum length of validity for a code signing certificate, as of 2026 March 1, is being reduced from 39 months to 15 months (from a little over 3 years to a little over 1 year). The reason for this is easy to understand. If a certificate is ever compromised, the length of time it could be used for dubious purposes is also reduced. This isn’t entirely dissimilar to shortening the length of time that one uses a password: if the password is compromised, the potential for mischief is reduced by more frequent password rotation.
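An added check, not code from the post, that reads the two lines printed by `openssl x509 -noout -dates -in cert.pem` and flags a certificate whose validity window exceeds the maximum that applies to its issue date. The 39-month and 15-month figures and the 2026 March 1 date come from the text above; treating the 15-month limit as applying to certificates issued on or after that date, and counting validity in calendar months with any partial month rounded up, are this example's own assumptions.

```python
from datetime import datetime

# Assumption: the 15-month maximum applies to certificates issued on/after this date.
CUTOVER = datetime(2026, 3, 1)
OLD_MAX_MONTHS = 39
NEW_MAX_MONTHS = 15

# Constructed sample inputs in the format `openssl x509 -noout -dates` prints.
SAMPLE_OLD = "notBefore=Feb 10 00:00:00 2026 GMT\nnotAfter=May 10 00:00:00 2029 GMT\n"
SAMPLE_NEW_OK = "notBefore=Mar  1 12:00:00 2026 GMT\nnotAfter=Jun  1 12:00:00 2027 GMT\n"
SAMPLE_NEW_BAD = "notBefore=Mar  1 00:00:00 2026 GMT\nnotAfter=Jun  2 00:00:00 2027 GMT\n"


def parse_openssl_dates(text):
    """Parse 'notBefore=...' and 'notAfter=...' lines into naive UTC datetimes."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        # openssl prints the zone as GMT; drop it and parse the rest.
        value = value.strip().removesuffix(" GMT").strip()
        fields[key.strip()] = datetime.strptime(value, "%b %d %H:%M:%S %Y")
    return fields["notBefore"], fields["notAfter"]


def validity_months(not_before, not_after):
    """Whole calendar months between the two dates, partial month rounded up."""
    months = (not_after.year - not_before.year) * 12 + (not_after.month - not_before.month)
    if (not_after.day, not_after.time()) > (not_before.day, not_before.time()):
        months += 1  # e.g. 15 months + 1 day counts as 16
    return months


def max_allowed_months(not_before):
    """Maximum validity for a certificate issued at not_before."""
    return NEW_MAX_MONTHS if not_before >= CUTOVER else OLD_MAX_MONTHS


def check_certificate(text):
    """Return the measured window, the applicable limit, and whether it complies."""
    not_before, not_after = parse_openssl_dates(text)
    months = validity_months(not_before, not_after)
    limit = max_allowed_months(not_before)
    return {"months": months, "limit": limit, "compliant": months <= limit}


if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW_OK, SAMPLE_NEW_BAD):
        print(check_certificate(sample))
```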

Depending on the process that one goes through to get a certificate, though, it can increase inconvenience. Speaking for myself, I have to get a letter from an accountant or lawyer attesting certain details about me. I took this last opportunity and secured a certificate key for the 39-month time period, though I still have valid time remaining on the certificate that I already had in hand. Since the certificate itself cannot be copied off of the key, the chief action to keep the certificate safe is to keep the physical key secure. That won’t be a challenge since I’ve got an uncompromising set of rules for handling the key in furtherance of keeping it safe.

If you would like to know more about code signing certificates, I’ve written about them before. You can find my previous post here.