Signing software or a script conveys a feeling of security and additional quality. But there is not always a reason for this. How does code signing work? Which self-hosted infrastructure or cloud services are required? Which certificate is required, on which machines and how? How does the timestamp function work and why is it important? After answering these questions, we will look at when code signing increases security and when it is just a feeling of security and what the dos and don'ts are.