Geekzone: technology news, blogs, forums


tchart

2380 posts

Uber Geek

ID Verified
Trusted

#306778 21-Aug-2023 08:20

Hi All

After some local advice.

My code signing certificate is up for renewal in November so I figured I’d get onto it early. I must’ve missed the new requirements as since June/July you need a physical token to store the certificate. With all the requirement changes the prices have jumped significantly.

Seems like there are two options.

1. Get a FIPS Yubikey (which seems to be out of stock everywhere) and get a certificate the hard way
2. Pay an extra US$115-200 for a certificate and key

Anybody else gone through this recently?

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118411 21-Aug-2023 09:49

Yikes, following with interest.





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.




mentalinc
3241 posts

Uber Geek

Trusted

  #3118415 21-Aug-2023 09:55

Care to share a link to what you're referencing here?





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 


Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118431 21-Aug-2023 10:32








tchart

2380 posts

Uber Geek

ID Verified
Trusted

  #3118440 21-Aug-2023 11:12

Lias:

 

https://knowledge.digicert.com/alerts/code-signing-changes-in-2023.html

 

 

Yep that's it, but to summarise:

  1. From June 2023 you have to store code signing certs on a physical device - eToken/Yubikey/HSM
  2. Some cert vendors will only sell you a cert with a physical device (for an additional ~USD$120)
  3. The price has jumped significantly (cheapest I can find is $400-500 USD)
  4. Some vendors will let you use your own device while some don't
  5. Some vendors offer a cloud service, but this is something like US$20 per month for limited signing, and this is in addition to the cert cost.

RE #4: this seems to be fraught with issues. While it can be done, in one video I watched the creator said to just pay the extra $120, as support is difficult if doing it DIY.

Oh, and as mentioned, I don't know if this change has resulted in a supply issue, but I can't find any local suppliers with stock of the FIPS Yubikeys.


Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118455 21-Aug-2023 11:29

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...







tchart

2380 posts

Uber Geek

ID Verified
Trusted

  #3118467 21-Aug-2023 12:23

Lias:

 

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...

 

 

Yup, that's a common question that's come up. Some sites suggest doing pass-through etc.

I did see some mention of using Azure Keyvault but I don't know how realistic that is.

EDIT: The Azure Keyvault option only worked prior to the need for physical storage.


tchart

2380 posts

Uber Geek

ID Verified
Trusted

  #3160579 17-Nov-2023 14:59

Sorry to revive this topic. My renewal was up and luckily I stumbled across SSL Trust (in Oz). They offer Verokey code signing certs which are about half the price of Comodo etc.

 

Ended up being about NZ$800 for 3 year cert and shipped USB Token.

 

https://www.ssltrust.com.au/ssl-certificates/code-signing

 

The org validation was much more fluid than last time too.

 

Now to figure out how to use this USB cert store thing...


 
 
 

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3160615 17-Nov-2023 15:19

We ended up using Azure Keyvault, you just need to pay for Premium rather than Standard to get HSM support.







tchart

2380 posts

Uber Geek

ID Verified
Trusted

  #3160618 17-Nov-2023 15:22

Lias:

 

We ended up using Azure Keyvault, you just need to pay for Premium rather than Standard to get HSM support.

 

 

Good to know!

 

 

