New private key storage requirement for Standard Code Signing certificates – November 2022

Description

Starting November 15th, 2022 at 00:00 UTC, all private keys for standard code signing certificates must be stored on hardware that is certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This change strengthens private key protection for code signing certificates and aligns it with the security standards for EV (Extended Validation) code signing certificates.

New Requirements for Standard Code Signing

The new private key storage requirement will affect code signing certificates issued from November 15th, 2022 onwards, and will affect the following parts of your signing process:

* Private key storage and certificate installation
* Signing code
* Ordering and renewing certificates
* Reissuing certificates

Ordering and renewing code signing certificates

This new requirement means that Certificate Authorities (CAs) will no longer be able to support browser-based key generation and certificate installation, or any other process that includes creating a CSR (Certificate Signing Request) and installing your certificate on a laptop or server.

Reissuing certificates after November 15, 2022

When reissuing code signing certificates, you must install the certificate on a supported hardware token or HSM. If you do not have a token, you can purchase a token from the Certificate Authority at that time.

Alternative to hardware tokens

SSLPOINT partners with Certum, the leading Certificate Authority in Europe, to bring you the “Code Signing in the Cloud” product line as an alternative. With this software-based solution, the private key is stored in a virtual vault and therefore meets the high requirements of the industry standard. No additional hardware token is required.

Certum “Code Signing in the Cloud” offers an attractive pricing model, excellent support and rapid issuance as additional features.
You can order Certum “Code Signing in the Cloud” certificates here: Certum Code Signing Certificates