Sourcing code-signing certificates externally is a good solution for a small number of engineers. There are many trustworthy certification authorities out there, where code-signing certificates can be bought. You can usually enroll for these certificates through an online responder. The generated certificate will most likely be placed in your personal certificate store:

Your certificate is not only a picture ID that proves your identity; it is also a way of legally signing documents. So, at all times, protect the private key of your certificate with a strong password, by placing it on a smart card, or through other means. Anyone who wants to encrypt data for you or wants to verify your signature only needs your public key.

With each certificate, there are additional properties attached to it, going beyond the scope of this book. Some important properties are the location of the Certificate Revocation List (CRL), which is checked when validating your certificate. In the case of a breach of security or mishaps during the certificate creation process, CAs might elect to revoke certificates, thereby invalidating them.