Geekzone: technology news, blogs, forums


tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified
Trusted

#306778 21-Aug-2023 08:20

Hi All

After some local advice.

My code signing certificate is up for renewal in November so I figured I'd get onto it early. I must've missed the new requirements, as since June/July you need a physical token to store the certificate. With all the requirement changes the prices have jumped significantly.

Seems like there are two options.

1. Get a FIPS YubiKey (which seems to be out of stock everywhere) and get a certificate the hard way
2. Pay an extra US$115-200 for a certificate and key

Anybody else gone through this recently?

Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3118411 21-Aug-2023 09:49

Yikes, following with interest.





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.




mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #3118415 21-Aug-2023 09:55

Care to share a link to what you're referencing here?





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 


Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3118431 21-Aug-2023 10:32








tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified
Trusted

  #3118440 21-Aug-2023 11:12

Lias:

https://knowledge.digicert.com/alerts/code-signing-changes-in-2023.html

Yep, that's it, but to summarise:

1. From June 2023 you have to store code signing certs on a physical device (eToken/YubiKey/HSM)
2. Some cert vendors will only sell you a cert with a physical device (for an additional ~US$120)
3. The price has jumped significantly (cheapest I can find is US$400-500)
4. Some vendors will let you use your own device while some don't
5. Some vendors offer a cloud service, but this is something like US$20 per month for limited signing, and this is in addition to the cert cost.

RE #4, this seems to be fraught with issues; while it can be done, in one video I watched the creator said to just pay the extra $120 as support is difficult if doing it DIY.

Oh, and as mentioned, I don't know if this change has resulted in a supply issue, but I can't find any local suppliers with stock of the FIPS YubiKeys.


Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3118455 21-Aug-2023 11:29

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...







tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified
Trusted

  #3118467 21-Aug-2023 12:23

Lias:

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...

Yup, that's a common question that's come up. Some sites suggest doing pass-through etc.

I did see some mention of using Azure Keyvault but I don't know how realistic that is.

EDIT: The Azure Keyvault option only worked prior to the need for physical storage.


tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified
Trusted

  #3160579 17-Nov-2023 14:59

Sorry to revive this topic. My renewal was up and luckily I stumbled across SSL Trust (in Oz). They offer Verokey code signing certs which are about half the price of Comodo etc.

Ended up being about NZ$800 for a 3-year cert and shipped USB token.

https://www.ssltrust.com.au/ssl-certificates/code-signing

The org validation was much more fluid than last time too.

Now to figure out how to use this USB cert store thing...


Lias
5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #3160615 17-Nov-2023 15:19

We ended up using Azure Keyvault; you just need to pay for Premium rather than Standard to get HSM support.






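One way to confirm that a Key Vault setup like the one Lias describes actually meets the hardware-protected-key requirement the thread is about, as an added example that is not code from the thread or from Microsoft: a Python preflight check over the JSON that `az keyvault show` and `az keyvault key show` print. The field names, the sample output and the `az_json` helper are assumptions shaped after the Azure CLI's JSON output; the vault and key names are placeholders.

```python
"""Preflight check: is an Azure Key Vault code-signing key HSM-backed?

Added example, not code from the thread. It consumes the JSON printed by
`az keyvault show` and `az keyvault key show` (field names assumed from the
Azure CLI's output format) and reports anything that would leave the signing
key software-protected or exportable.
"""
import json
import subprocess
from typing import Dict, List


def hsm_key_problems(vault: Dict, key: Dict) -> List[str]:
    """Return a list of problems; an empty list means the key qualifies."""
    problems = []
    sku = vault.get("properties", {}).get("sku", {}).get("name", "")
    if sku.lower() != "premium":  # only the Premium SKU offers HSM-backed keys
        problems.append(f"vault SKU is '{sku}'; HSM-backed keys need Premium")
    kty = key.get("key", {}).get("kty", "")
    if not kty.endswith("-HSM"):  # RSA/EC without the -HSM suffix is software-protected
        problems.append(f"key type '{kty}' is software-protected; expected RSA-HSM or EC-HSM")
    attrs = key.get("attributes", {})
    if attrs.get("exportable", False):
        problems.append("key is marked exportable; a signing key should never leave the HSM")
    if not attrs.get("enabled", True):
        problems.append("key is disabled")
    return problems


def az_json(*args: str) -> Dict:
    """Run an az CLI command and parse its JSON output (needs a logged-in az; not used offline)."""
    out = subprocess.run(["az", *args, "-o", "json"], check=True, capture_output=True, text=True)
    return json.loads(out.stdout)


# Constructed sample output, shaped like the CLI's JSON, so the check runs offline.
SAMPLE_VAULT_STANDARD = {"name": "kv-sign", "properties": {"sku": {"family": "A", "name": "standard"}}}
SAMPLE_VAULT_PREMIUM = {"name": "kv-sign", "properties": {"sku": {"family": "A", "name": "premium"}}}
SAMPLE_KEY_SOFTWARE = {"attributes": {"enabled": True, "exportable": False}, "key": {"kty": "RSA"}}
SAMPLE_KEY_HSM = {"attributes": {"enabled": True, "exportable": False}, "key": {"kty": "RSA-HSM"}}

if __name__ == "__main__":
    for label, v, k in [("standard vault / software key", SAMPLE_VAULT_STANDARD, SAMPLE_KEY_SOFTWARE),
                        ("premium vault / HSM key", SAMPLE_VAULT_PREMIUM, SAMPLE_KEY_HSM)]:
        print(label, "->", hsm_key_problems(v, k) or "OK")
    # Against a real vault: hsm_key_problems(az_json("keyvault", "show", "-n", "<vault>"),
    #                                       az_json("keyvault", "key", "show", "--vault-name", "<vault>", "-n", "<key>"))
```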

tchart

2396 posts

Uber Geek
+1 received by user: 577

ID Verified
Trusted

  #3160618 17-Nov-2023 15:22

Lias:

We ended up using Azure Keyvault, you just need to pay for Premium rather than Standard to get HSM support.

Good to know!

 

 

