To avoid trust issues with digital signatures, SSL.com recommends that customers with EV Code Signing and Business Identity (document signing) certificates install a complete chain of trust with all required intermediate and root certificates in their computer’s certificate store. This how-to provides instructions for downloading and installing these files on Windows and macOS.
SSL.com also recommends that you install these certificates directly onto your YubiKey FIPS token.
Step 1: Download Certificate Bundle
Begin by downloading and unzipping the correct bundle for your certificate type:
- Business Identity (RSA): SSL_COM_DS_BUNDLE.chained.crt
- EV Code Signing (RSA): SSL_COM_EV_CS_BUNDLE.chained.crt
Step 2: Install Certificate Bundle
Windows
- Double-click the certificate bundle you downloaded and unzipped in the previous step.
- If a security warning dialog box appears, click the Open button to dismiss it.
- Click the Install Certificate button.
- Make sure Current User is selected, then click the Next button.
- Make sure Automatically select the certificate store based on the certificate type is selected, then click the Next button.
- Click the Finish button.
- Click the OK button to close the dialog box.
- Click the OK button to close the Certificate window.
macOS
- Double-click the certificate bundle you downloaded and unzipped in the previous step.
- A dialog box will appear. Make sure the login keychain is selected and click the Add button.
- Keychain Access will open. You can check that the correct intermediate certificate was installed by selecting Certificates in the left-hand Category, then typing “ssl.com client” (for document signing) or “ssl.com ev code” (for EV code signing) in the search field. The newly-installed intermediate should be visible in the search results.
4. Quit Keychain Access by selecting Keychain Access > Quit Keychain Access from the menu.
