Filtrage par : FIPS 140 Level 2 x effacer

Novembre 15, 2022

code signing OV code signing FIPS 140 Level 2 CA/B Forum private key storage hardware token Common Criteria EAL 4+ industry changes
compliance

OV code signing certificates requirements are changing

Starting on November 15, 2022, at 00:00 UTC, industry standards will require private keys for OV code signing certificates to be stored on hardware certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This change strengthens private key protection for code signing certificates and aligns it with EV (Extended Validation) code signing certificate private key protection. See Code Signing Baseline Requirements, current version

How do these new requirements affect my code signing certificate process? 

The new private storage key requirement affects code signing certificates issued from November 15, 2022, and impacts the following parts of your code signing process: 

  • Private key storage and certificate installation
    Certificate Authorities (CAs) can no longer support browser-based key generation and certificate installation or any other process that includes creating a CSR (Certificate Signing Request) and installing your certificate on a laptop or server. Private keys and certificates must be stored and installed on tokens or HSMs (hardware security modules) certified as at least FIPS 140-2 Level 2 or Common Criteria EAL 4+.
  • Signing code 
    To use a token-based code signing certificate, you need access to the token or HSM and the credentials to use the certificate stored on it.
  • Ordering and renewing certificates 
    When ordering and renewing an OV code signing certificate, you must select the hardware you want to store the private key on: a DigiCert-provided hardware token, your own supported hardware token, or a hardware security module (HSM).
  • Reissuing certificates
    When reissuing code signing certificates, you must install the certificate on a supported hardware token or HSM. If you do not have a token, you can purchase a token from DigiCert at that time. 

Want to eliminate the need for individual tokens? 

Transition to DigiCert® Secure Software Manager to improve your software security with code-signing workflow automation that reduces points of vulnerability with end-to-end company-wide security and control in the code signing process—all without slowing down your process. 

Key capabilities: 

  • HSM key storage—industry compliant 
  • Policy enforcement 
  • Centralized management
  • Integration with CI/CD pipelines 
  • And more 

To learn more about how DigiCert Secure Software Manager has helped other organizations, see our case study Automated Signing Speeds Build Times While Improving the User Experience

À propos de

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.