{"id":8566,"date":"2025-10-03T14:43:13","date_gmt":"2025-10-03T17:43:13","guid":{"rendered":"https:\/\/www.certisur.com\/?page_id=8566"},"modified":"2025-10-03T12:56:04","modified_gmt":"2025-10-03T15:56:04","slug":"changes-code-signing-certificates-2","status":"publish","type":"page","link":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/","title":{"rendered":"Changes Code Signing Certificates"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"8566\" class=\"elementor elementor-8566 elementor-8565\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cc9c265 cs-elementor-noticia-header elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc9c265\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-07d5b79\" data-id=\"07d5b79\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-977de0b elementor-widget elementor-widget-heading\" data-id=\"977de0b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Changes Code Signing Certificates<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fdd2c6d elementor-widget elementor-widget-text-editor\" data-id=\"fdd2c6d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6251c41 cs-elementor-noticia-header-date elementor-widget elementor-widget-text-editor\" data-id=\"6251c41\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOctober 3, 2025\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d15bf8 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5d15bf8\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-63c4f558 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"63c4f558\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-70f0973b\" data-id=\"70f0973b\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-281ce271 elementor-widget elementor-widget-text-editor\" data-id=\"281ce271\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This change is to comply with industry standards. These new RSA key size requirements apply to the complete certificate chain: end-entity, intermediate CA, and root. Note that ECC key requirements remain unchanged.<\/p><ul><li>Code signing certificates issued before May 27 require no change and will work until they expire.<\/li><li>After May 27, new, renewed, and reissued code signing certificates from DigiCert will automatically issue with new intermediate CAs and roots.<\/li><li>After May 27, all code signing certificates will require CSRs with 3072-bit or larger RSA keys. EV code signing certificates will need a new token or an HSM that supports at least 3072-bit keys. Currently most tokens and HSMs only support the smaller 2048-bit keys.<\/li><\/ul><p><span style=\"text-decoration: underline;\"><strong>Where are the new intermediate CA and root certificates?<\/strong><\/span><\/p><p>DigiCert Trusted Authority Root Certificates<\/p><ul><li><a href=\"https:\/\/knowledge.digicert.com\/content\/dam\/digicertknowledgebase\/attachments\/code-signing\/roots\/digicert-trusted-root-g4.cer\">DigiCert Trusted G4 <\/a><strong>(RSA default)<\/strong><\/li><li><a href=\"https:\/\/knowledge.digicert.com\/content\/dam\/digicertknowledgebase\/attachments\/code-signing\/roots\/digicert-global-root-g3.cer\">DigiCert Global Root G3<\/a> <strong>(ECC default)<\/strong><\/li><li><a href=\"https:\/\/cacerts.digicert.com\/DigiCertCSRSA4096RootG5.crt.pem\">DigiCert CS RSA 4096 Root G5<\/a><\/li><li><a href=\"https:\/\/cacerts.digicert.com\/DigiCertCSECCP384RootG5.crt.pem\">DigiCert CS ECC P384 Root G5<\/a><\/li><\/ul><p>DigiCert Intermediate CA Certificates<\/p><ul><li><a href=\"https:\/\/knowledge.digicert.com\/content\/dam\/digicertknowledgebase\/attachments\/code-signing\/ica\/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.cer\">DigiCert Global G3 Code Signing ECC SHA384 2021 CA1<\/a><\/li><li><a href=\"https:\/\/knowledge.digicert.com\/content\/dam\/digicertknowledgebase\/attachments\/code-signing\/ica\/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cer\">DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1<\/a><\/li><\/ul><p>DigiCert Root Certificate Download Site<\/p><ul><li><a href=\"https:\/\/www.digicert.com\/kb\/digicert-root-certificates.htm\">https:\/\/www.digicert.com\/kb\/digicert-root-certificates.htm<\/a><\/li><\/ul><p><span style=\"text-decoration: underline;\"><strong>What if I need to reissue a code signing certificate?<\/strong><\/span><\/p><p>All code signing certificates reissued after May 27 will include the new intermediate and root certificates.<\/p><p>If your environment includes hard-coded or hard-coded references to the previous root and intermediate certificates, you will need to update your environment, adding the new certificates.<\/p><p>For EV code signing certificates, a token or HSM is required that supports at least the RSA key size of 3072 bits.<\/p><p><span style=\"text-decoration: underline;\"><strong>Pin, Hard Code or Trust Store for your code signing certificates?<\/strong><\/span><\/p><p>You need to update your environment with the new root and intermediate CA. It is recommended that you stop pinning and hardcoding certificates. Before putting a Code Signing certificate issued after May 27, 2021 online, make sure the certificates are trusted and connect them to the new Intermediate CA and DigiCert Trusted Root G4.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates. This change is to comply with industry standards. These new RSA key size requirements apply to the complete certificate chain: end-entity, intermediate CA, and root. Note that ECC key requirements remain unchanged. Code signing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8427,"parent":4975,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[69],"class_list":["post-8566","page","type-page","status-publish","has-post-thumbnail","hentry","category-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CertiSur<\/title>\n<meta name=\"description\" content=\"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Changes Code Signing Certificates - CertiSur\" \/>\n<meta property=\"og:description\" content=\"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/\" \/>\n<meta property=\"og:site_name\" content=\"CertiSur\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CertiSur\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1413\" \/>\n\t<meta property=\"og:image:height\" content=\"798\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@CertiSur\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/\",\"url\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/\",\"name\":\"Changes Code Signing Certificates - CertiSur\",\"isPartOf\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg\",\"datePublished\":\"2025-10-03T17:43:13+00:00\",\"description\":\"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage\",\"url\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg\",\"contentUrl\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg\",\"width\":1413,\"height\":798,\"caption\":\"Estudio CertiSur\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"News\",\"item\":\"https:\/\/www.certisur.com\/en\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Changes Code Signing Certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.certisur.com\/en\/#website\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"name\":\"CertiSur\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.certisur.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\",\"name\":\"CertiSur\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"contentUrl\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"width\":3075,\"height\":2483,\"caption\":\"CertiSur\"},\"image\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CertiSur\",\"https:\/\/x.com\/CertiSur\",\"https:\/\/www.youtube.com\/c\/TecnologaCertiSur\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CertiSur","description":"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/","og_locale":"en_US","og_type":"article","og_title":"Changes Code Signing Certificates - CertiSur","og_description":"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.","og_url":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/","og_site_name":"CertiSur","article_publisher":"https:\/\/www.facebook.com\/CertiSur","og_image":[{"width":1413,"height":798,"url":"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@CertiSur","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/","url":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/","name":"Changes Code Signing Certificates - CertiSur","isPartOf":{"@id":"https:\/\/www.certisur.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage"},"image":{"@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg","datePublished":"2025-10-03T17:43:13+00:00","description":"Starting from May 27, 2021, 14:00 MDT (20:00 UTC), DigiCert\u00ae will require 3072-bit RSA keys or larger for code signing certificates.","breadcrumb":{"@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#primaryimage","url":"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg","contentUrl":"https:\/\/www.certisur.com\/wp-content\/uploads\/Estudio-Dalessio-y-Certisur.jpg","width":1413,"height":798,"caption":"Estudio CertiSur"},{"@type":"BreadcrumbList","@id":"https:\/\/www.certisur.com\/en\/news\/changes-code-signing-certificates-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"News","item":"https:\/\/www.certisur.com\/en\/news\/"},{"@type":"ListItem","position":2,"name":"Changes Code Signing Certificates"}]},{"@type":"WebSite","@id":"https:\/\/www.certisur.com\/en\/#website","url":"https:\/\/www.certisur.com\/en\/","name":"CertiSur","description":"","publisher":{"@id":"https:\/\/www.certisur.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.certisur.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.certisur.com\/en\/#organization","name":"CertiSur","url":"https:\/\/www.certisur.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","contentUrl":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","width":3075,"height":2483,"caption":"CertiSur"},"image":{"@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CertiSur","https:\/\/x.com\/CertiSur","https:\/\/www.youtube.com\/c\/TecnologaCertiSur"]}]}},"_links":{"self":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/8566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/comments?post=8566"}],"version-history":[{"count":1,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/8566\/revisions"}],"predecessor-version":[{"id":8567,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/8566\/revisions\/8567"}],"up":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/4975"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/media\/8427"}],"wp:attachment":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/media?parent=8566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/categories?post=8566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}