Skip to main content

Certificate auto-issuance

When the private key associated with your publicly trusted certificate is stored on an HSM, DigiCert is required by CA/B guidelines to confirm that the key is stored on an FIPS 140-2 or EAL4+ Compliant HSM device. This confirmation is mandatory, even when you generate and store your private key on DigiCert's HSM, which meets these requirements.

DigiCert sends an HSM confirmation email for every publicly trusted code signing certificate that you request. Your certificate cannot be issued if you do not complete this HSM confirmation. Delays in the issuance of your certificate may occur if the recipient of the email fails to click on the link and complete the confirmation process.

Nota

The subject line of the HSM confirmation email is:

[Action Required] Private key protection requirements for your code signing (order #)

HSM agreement exemption

Provide a Code Signing Audit Letter for each organization in your account to be exempted from the HSM confirmation email process. The exemption ensures that your certificate auto-issues without unnecessary delays.

Exemption validity

The HSM agreement exemption is valid for:

Certificate type

Validity

Code signing

825 days

EV code signing

13 months

Request exemption

To request an HSM agreement exemption:

  1. Contact DigiCert Support.

  2. Request a PDF copy of the Code Signing Audit Letter.

  3. Complete the form.

    Dica

    In question 4, note that your private key is stored in DigiCert​​®​​ Software Trust Manager's HSM, which is FIPS 140-2 level 3 compliant.

  4. Send the completed Code Signing Audit Letter to DigiCert Support.