OV code signing certificates requirements are changing
Starting on November 15, 2022, at 00:00 UTC, industry standards will require private keys for OV code signing certificates to be stored on hardware certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This change strengthens private key protection for code signing certificates and aligns it with EV (Extended Validation) code signing certificate private key protection. See Code Signing Baseline Requirements, current version.
How do these new requirements affect my code signing certificate process?
The new private storage key requirement affects code signing certificates issued from November 15, 2022, and impacts the following parts of your code signing process:
Want to eliminate the need for individual tokens?
Transition to DigiCert® Secure Software Manager to improve your software security with code-signing workflow automation that reduces points of vulnerability with end-to-end company-wide security and control in the code signing process—all without slowing down your process.
To learn more about how DigiCert Secure Software Manager has helped other organizations, see our case study Automated Signing Speeds Build Times While Improving the User Experience.