{"id":6177,"date":"2023-03-22T10:23:37","date_gmt":"2023-03-22T13:23:37","guid":{"rendered":"https:\/\/www.certisur.com\/?page_id=6177"},"modified":"2023-05-02T16:56:41","modified_gmt":"2023-05-02T19:56:41","slug":"code-signing-certificate-requirements","status":"publish","type":"page","link":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/","title":{"rendered":"Code Signing Certificate Requirements"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"6177\" class=\"elementor elementor-6177 elementor-6176\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cc9c265 cs-elementor-noticia-header elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc9c265\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-07d5b79\" data-id=\"07d5b79\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-977de0b elementor-widget elementor-widget-heading\" data-id=\"977de0b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Code Signing Certificate Requirements<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fdd2c6d elementor-widget elementor-widget-text-editor\" data-id=\"fdd2c6d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Industry postponed implementation until June 1, 2023, to allow more time to prepare for the new 
OV Code Signing Certificate private key storage requirement.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6251c41 cs-elementor-noticia-header-date elementor-widget elementor-widget-text-editor\" data-id=\"6251c41\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t22 March, 2023\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d15bf8 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5d15bf8\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3738769c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3738769c\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-79bf2abe\" data-id=\"79bf2abe\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4fca2690 elementor-widget elementor-widget-text-editor\" data-id=\"4fca2690\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Starting <strong>June 1, 2023 00:00 UTC<\/strong>, <strong>industry standards will require that private keys for OV code signing 
certificates be stored on hardware certified as: FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent.<\/strong> This change strengthens private key protection for code signing certificates and aligns it with the private key protection of Extended Validation (EV) code signing certificates. The new CAB Forum provision is available here: <a href=\"https:\/\/cabforum.org\/baseline-requirements-code-signing\/\">https:\/\/cabforum.org\/baseline-requirements-code-signing\/<\/a><\/p>\n<p>The new key storage requirement affects code signing certificates issued on or after June 1, 2023, and impacts the following parts of your code signing process:<\/p>\n<ul>\n<li>Private key storage and certificate installation \u2013 June 1, 2023<\/li>\n<li>Code Signing<\/li>\n<li>Application and renewal of certificates<\/li>\n<li>Reissuance of certificates<\/li>\n<\/ul>\n<p><strong>Private key storage and certificate installation \u2013 June 1, 2023<\/strong><\/p>\n<p>This new requirement means that Certificate Authorities (CAs) can no longer support browser-based key generation or any process that includes creating a CSR (Certificate Signing Request) and installing your certificate on a laptop or server. <strong>Private keys and certificates must be stored and installed in tokens or HSMs (Hardware Security Modules)<\/strong> certified to at least FIPS 140-2 Level 2 or Common Criteria EAL 4+.<\/p>\n<p><strong>Code Signing \u2013 June 1, 2023<\/strong><\/p>\n<p>To use a code signing certificate installed on a device, you need access to the token or HSM and your credentials. For example, you need to connect the token to your computer, and then you need the password to sign your code with the code signing certificate in the token.<\/p>\n<p><strong>Request and renewal of code signing certificates \u2013 June 1, 2023<\/strong><\/p>\n<p>When requesting or renewing an OV code signing certificate, you must select a provisioning method. In other words, you choose the hardware that will store the private key. 
You have three provisioning options.<\/p>\n<ul>\n<li>Use a token provided by CertiSur<\/li>\n<li>Use your own compatible token<\/li>\n<li>Install on a hardware security module (HSM)<\/li>\n<\/ul>\n<p>Hardware tokens and HSM devices must be certified to FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent. <strong>To use an HSM, you must submit a certification letter that includes an audit letter.<\/strong><\/p>\n<p><strong>Reissuance of certificates \u2013 June 1, 2023<\/strong><\/p>\n<p>When reissuing code signing certificates, you must install the certificate in a compatible token or HSM. If you do not have a token, you can purchase a SafeNet 5110 eToken certified to FIPS 140 Level 2.<\/p>\n<p><strong>Do you want to eliminate the need for individual tokens?<\/strong><\/p>\n<p>Transition to <a href=\"https:\/\/www.digicert.com\/signing\/secure-software-manager\">DigiCert\u00ae Secure Software Manager<\/a> (SSM) to enhance the security of your software with code signing workflow automation that reduces points of vulnerability and provides end-to-end security and control over the code signing process across the enterprise, all without slowing down your process.<\/p>\n<p>Main features:<\/p>\n<ul>\n<li>Key storage in industry-compliant HSMs<\/li>\n<li>Application of policies<\/li>\n<li>Centralized management<\/li>\n<li>Integration with CI\/CD (Continuous Integration\/Continuous Delivery)<\/li>\n<li>And more<\/li>\n<\/ul>\n<p>To learn more about how DigiCert\u00ae Secure Software Manager has helped other organizations, see the case study <a href=\"https:\/\/www.digicert.com\/content\/dam\/digicert\/pdfs\/case-study\/dena-case-study-en.pdf\">Automated Signature Speeds Build Times While Improving User Experience.<\/a><\/p>\n<p>This document contains all the information we have so far about the changes required by the CAB Forum. 
When we have new information about installing and using the Code Signing certificate from a token, an HSM or the Secure Software Manager (SSM), we will contact you again.<\/p>\n<p><strong>Do you need help or have questions? <\/strong><\/p>\n<p>If you have questions or would like more information about upcoming industry changes, please contact us by sending an email to <a href=\"mailto:soporte@certisur.com\">soporte@certisur.com<\/a><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7dc73d89 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"7dc73d89\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Industry postponed implementation until June 1, 2023, to allow more time to prepare for the new OV Code Signing Certificate private key storage requirement. 
Starting June 1, 2023 00:00 UTC, industry standards will require that private keys for OV code signing certificates be stored on hardware certified as: FIPS 140 Level 2, Common Criteria EAL [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":4975,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[69],"class_list":["post-6177","page","type-page","status-publish","hentry","category-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CertiSur<\/title>\n<meta name=\"description\" content=\"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified hardware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Code Signing Certificate Requirements - CertiSur\" \/>\n<meta property=\"og:description\" content=\"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified hardware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/\" \/>\n<meta property=\"og:site_name\" content=\"CertiSur\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CertiSur\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-02T19:56:41+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@CertiSur\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/\",\"url\":\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/\",\"name\":\"Code Signing Certificate Requirements - CertiSur\",\"isPartOf\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#website\"},\"datePublished\":\"2023-03-22T13:23:37+00:00\",\"dateModified\":\"2023-05-02T19:56:41+00:00\",\"description\":\"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified hardware.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"News\",\"item\":\"https:\/\/www.certisur.com\/en\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Code Signing Certificate 
Requirements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.certisur.com\/en\/#website\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"name\":\"CertiSur\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.certisur.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\",\"name\":\"CertiSur\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"contentUrl\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"width\":3075,\"height\":2483,\"caption\":\"CertiSur\"},\"image\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CertiSur\",\"https:\/\/x.com\/CertiSur\",\"https:\/\/www.youtube.com\/c\/TecnologaCertiSur\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"CertiSur","description":"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified hardware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/","og_locale":"en_US","og_type":"article","og_title":"Code Signing Certificate Requirements - CertiSur","og_description":"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified hardware.","og_url":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/","og_site_name":"CertiSur","article_publisher":"https:\/\/www.facebook.com\/CertiSur","article_modified_time":"2023-05-02T19:56:41+00:00","twitter_card":"summary_large_image","twitter_site":"@CertiSur","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/","url":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/","name":"Code Signing Certificate Requirements - CertiSur","isPartOf":{"@id":"https:\/\/www.certisur.com\/en\/#website"},"datePublished":"2023-03-22T13:23:37+00:00","dateModified":"2023-05-02T19:56:41+00:00","description":"Private keys for OV code signing certificates must be stored on FIPS 140 Level 2 certified 
hardware.","breadcrumb":{"@id":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.certisur.com\/en\/news\/code-signing-certificate-requirements\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"News","item":"https:\/\/www.certisur.com\/en\/news\/"},{"@type":"ListItem","position":2,"name":"Code Signing Certificate Requirements"}]},{"@type":"WebSite","@id":"https:\/\/www.certisur.com\/en\/#website","url":"https:\/\/www.certisur.com\/en\/","name":"CertiSur","description":"","publisher":{"@id":"https:\/\/www.certisur.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.certisur.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.certisur.com\/en\/#organization","name":"CertiSur","url":"https:\/\/www.certisur.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","contentUrl":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","width":3075,"height":2483,"caption":"CertiSur"},"image":{"@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CertiSur","https:\/\/x.com\/CertiSur","https:\/\/www.youtube.com\/c\/TecnologaCertiSur"]}]}},"_links":{"self":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/6177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.certisur.com\/en\/wp-j
son\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/comments?post=6177"}],"version-history":[{"count":0,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/6177\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/4975"}],"wp:attachment":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/media?parent=6177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/categories?post=6177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}