Industry moved to RSA 3072-bit key minimum for code signing certificates
To comply with industry changes, DigiCert has made the following changes to our code signing certificate process:
eToken and HSM changes
DigiCert supports two eTokens:
HSM must:
*Note: All existing 2048-bit key code signing certificates issued before June 1, 2021, will remain active. You can continue to use these certificates to sign code until they expire.
Learn more about the change to 3072-bit key code signing certificates.
If you are reissuing your Code Signing (CS) certificate for the Sun Java platform, you must submit a certificate signing request (CSR) with your request. However, you can include a CSR with your request for any platform.
To remain secure, certificates must use an RSA 3072-bit or ECC P-256-bit key size or larger. To find instructions about creating a CSR for different operating systems and platforms, see Create CSR for a code signing certificate request.
In your CertCentral account, in the left main menu, click Certificate > Orders.
On the Orders page, click the order number link for the Code Signing certificate you want to reissue.
On the Order details page, in the Certificate Actions dropdown, select Reissue Certificate.
Add Your CSR
Upload or paste your CSR in the Add Your CSR box.
The Sun Java Platform is the only platform that requires you to submit a CSR with your request. For all other platforms, submitting a CSR is optional.
Signature Hash
Unless you have a specific reason for choosing a different signature hash, DigiCert recommends using the default signature hash: SHA-256.
Server Platform
Select the platform you want to use your reissued certificate with.
Reason for Reissue
Specify the reason for the certificate reissue.
Click Request Reissue.
An approval for your CS certificate reissue may be required. If an approval is required, the CS verified contact for the organization is sent an email informing them that they need to approve the certificate reissue request. Once we receive their approval, we'll reissue your Code Signing certificate.
After we reissue your certificate, you'll need to install it. See our Install a Code Signing certificate instructions.
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.
This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. Read our Cookie Policy and Privacy Policy to learn more.