Code Signing certificates are changing over to a token

(10. 5. 2023) It is our duty to inform you that all Code Signing certificates must be issued in a secure repository from 16/5/2023. This is a token or HSM. The token must meet FIPS 140-2 Level 2 or Common Criteria EAL 4+ certification.

What is changing?

All Code Signing certificates must be issued in a secure repository from 16/5/2023. This is a token or HSM. The token must meet FIPS 140-2 Level 2 or Common Criteria EAL 4+ certification.

When does the change apply?

The change applies to all certificates issued after the mentioned date. As of 16/5, the token is the default code signing certificate storage option. It will no longer be possible to issue a certificate without a token and it will not be possible to store it, for example, in a PFX file.

Who does the change apply to?

This change is valid for the entire industry, therefore also for all certification authorities. There is no point in searching for an authority who will issue the certificate without a token, because all the recognized ones have to do it.

What do we recommend?

We recommend that you extend the certificate to the maximum validity period while there is time. Otherwise you need to buy a token for 80 USD (orders after 16th of May).

Do not hesitate to contact us at any time.

Source: KB DigiCert