Authenticated Content Signing Portal - FAQs - Content Signing from VeriSign, Inc.

You Are Here:

US Home > Products & Services > Security Services > Code Signing > ACS Portal > FAQs

Authenticated Content Signing Portal

Learn More

FAQs

Existing Customers

FAQs

What is the Mobile2Market program?

Microsoft’s Mobile2Market program helps developers build, certify, and sign their code. Enrollment into this program may be required prior to deploying your applications to mobile operator networks. For additional information, please see the following FAQ page: http://msdn2.microsoft.com/en-us/windowsmobile/bb250549.aspx.

Why should I choose VeriSign ACS?

VeriSign ACS Portal offers you a cost-effective, fully-automated, online and highly secure content signing service for Microsoft Windows Mobile applications from the leader in content signing services.

What is an ACS Publisher ID?

The ACS Publisher ID is the digital certificate you receive when you enroll for the ACS Portal. Your Publisher ID has two uses:

To sign your application files
To access the ACS Portal to re-sign your files, purchase additional signing events, and access a host of other features that the ACS Portal offers.

What is an ACS Content ID?

The ACS Content ID is generated to "re-sign" your signed files after your digital signature is verified. This certificate is based on the private root associated with either the platform or the carrier you are signing your applications for.

Why do I need to get 2 different certificates?

The ACS Publisher ID is the developer-signing certificate and is used to sign code prior to uploading the code to the ACS Portal for "re-signing". ACS Content ID certificates are generated when you get your signed code "re-signed". When you upload signed code to the ACS Portal, we check the validity of the signature in real time, strip off this signature and re-sign using a Content ID certificate that (a) carries application specific information (b) chains up to the private root CA associated with the platform or carrier you are signing your applications for. The Content ID is unique to each piece of content and is the only signature that will be trusted on the end-user device for secure downloading and execution.

I understand VeriSign will authenticate and verify my company credentials before issuing the certificate to me. What is this process?

That’s correct. VeriSign has a proven methodology, expertise and the infrastructure to authenticate and verify businesses prior to issuing Class 3 certificates such as code signing. This is a necessary process prior to issuing code signing certificates including ACS Publisher IDs to you. Please click here to learn more about this process and what’s required to make this as streamlined and painless as possible.

How long will it take to get my application signed?

If you are a first time ACS customer, you first need to obtain an ACS Publisher ID certificate with USB token to sign Microsoft Windows Mobile applications. Use your Publisher ID to sign your code and then upload it to the ACS Portal. The Web-based service re-signs your code and makes it available for download within a few seconds. See below for details and exceptions:

Notes:

Signing for the Microsoft Mobile2Market Program:
If you are participating in the Microsoft Mobile2Market program and looking to getting your applications signed, note that we support both Normal (Unprivileged) and Privileged mode signing Both are available for all developers through the signing portal by default. However, to have your application signed by the MS Windows Mobile Privileged signing, you need to fill out this Request Form and upload with your application. You will also need to submit your application to a Microsoft-approved Test House. Your application may be signed after Microsoft reviews the form and the test results.
Signing your applications for Verizon Wireless with privileged certificates:
If you are developing privileged mode applications for Verizon Wireless and are required to get your application(s) signed with the Verizon Privileged certificate, you must contact your Verizon Wireless contact and have them authorize VeriSign to grant your ACS Publisher ID access to the Verizon Privileged signing service. Please note that you must have a valid ACS Publisher ID before VeriSign can provide you access. Providing access is a simple step. Typically, access to the Verizon Privileged signing service is provided within 1 business day of receiving the authorization from Verizon Wireless. More details on how to contact Verizon Wireless for privileged mode signing access can also be found at http://www.handango.com/Article.jsp?siteId=1&CKey=1_VerizonSigningDetails
Signing your applications for Nextel-Sprint with privileged certificates:
If you are developing privileged mode applications for Nextel-Sprint and are required to get your application(s) signed with a Nextel-Sprint Privileged certificate, you must contact Nextel at: Nextel@custhelp.com. Nextel-Sprint will supply prospective developers with instructions on how to submit an application which will be evaluated for authorization to their signing services. Proper permission from Nextel-Sprint is required before any Portal Account can be updated to access their signing services. For more information on their program, visit http://developer.sprint.com.

What constitutes a "signing event"?

A signing event involves the generation of a single-use ACS Content ID digital certificate that chains up to the private root associated with the platform or carrier you are signing your applications for. A signing event will be used for each application signed. For example, if you have a Microsoft Windows Mobile applications which consists of 1 cab file containing 1 exe and 1 dll file, signing your application generates 3 signatures - 1 each for the dll, exe, and the cab file – but only 1 signing event is consumed. Note that this may be different for other platforms that VeriSign ACS supports.

What do I do if I run out of signing events?

If you have a valid Publisher ID certificate and you run out of ACS Content IDs (signing events), log in to the ACS Portal and purchase additional ACS Content ID bundles (signing event bundles).

What kind of files do I need to get signed?

Microsoft specifies that you need to sign your dll, exe, mui and cab files. The ACS Portal automates the signing of all these kinds of files – just upload the cab file and request to have the cab file signed. The ACS Portal will automatically generate and apply signatures to all the required files.

How do I sign code using my Publisher ID certificate?

When you sign up for the ACS for Microsoft Windows Mobile service, your Publisher ID certificate is installed on the USB token provided to you.

You can access your certificate and sign your code using the standard Microsoft File Signing Tool, "signcode.exe."

What do I do if I lose my USB token with my Publisher ID on it (only for ACS Publisher ID with Smartcard)?

Your token and Publisher ID cannot be replaced. If your USB token is lost, there is a potential compromise of your private key. You must revoke your Publisher ID and enroll for a new Publisher ID. A new USB token can be ordered via the ACS Portal.

What do I do if I lose the token password (only for ACS Publisher ID with USB token)?

Your token password cannot be recovered or replaced. Keep your token password in a secure place in case you need to refer to it. If you forget or lose the token password, you will not be able to access your Publisher ID. You must revoke your Publisher ID and enroll for a new Publisher ID. You will also need to initialize your USB token.

What do I do if I delete the ACS Publisher ID approval e-mail with my PIN number?

Please call VeriSign Customer Support at 1-877-GET-VRSN and we will send you your PIN number after we verify your identity.

I have received an ACS Publisher ID approval e-mail from VeriSign - what do I do next?

For ACS Publisher IDs with USB tokens, please wait to get your blank USB token in the mail. Follow instructions provided here. Then follow the link in the approval e-mail to pick up and install your ACS Publisher ID on the token.

Where is my USB token (only for ACS Publisher ID with USB token)?

You should receive your USB token in 2-4 business days after VeriSign has approved your Publisher ID.

Where can I get user documentation for the ACS Portal?

Once you have your Publisher ID, and you access your account, click on the Resource Center tab and then the Product Documentation link. From there you can download the “Code Signng Portal for Publisher Administrator Guide” which will provide step-by-step directions for accomplishing tasks.

Is there a way to script the process of getting my applications signed?

Yes – there is a SOAP-based API. Once you have your Publisher ID, access your account and click on the Resource Center tab and then the Product Documentation link. From there you can download a zip file that contains information and examples by clicking on “Signing Portal Publisher API”