
Private keys and certificates must be stored and installed on tokens or HSMs (hardware security modules) certified as at least FIPS 140-2 Level 2 or Common Criteria EAL 4+.

This new requirement means Certificate Authorities (CAs) can no longer support browser-based key generation and certificate installation, or any other process that includes creating a CSR (Certificate Signing Request) and installing your certificate on a laptop or server.

How do these new requirements affect my code signing certificate process?

The new private key storage requirement affects code signing certificates issued from June 1, 2023, and impacts the following parts of your code signing process: private key storage and certificate installation. This change strengthens private key protection for code signing certificates and aligns it with EV (Extended Validation) code signing certificate private key protection.

Starting on June 1, 2023, at 00:00 UTC, industry standards will require private keys for standard code signing certificates to be stored on hardware certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. See Voting results Ballot CSCWG-17: Subscriber Private Key Extension.

Update: To provide you with more time to prepare for the new OV code signing certificate private key storage requirement, the industry has postponed the rollout until June 1, 2023.
