After some local advice.
My code signing certificate is up for renewal in November so I figured I’d get onto it early. I must’ve missed the new requirements as since June/July you need a physical token to store the certificate. With all the requirement changes the prices have jumped significantly.
Seems like there are two options.
1. Get a fips Yubikey (which seems to be out of stock everywhere) and get a certificate the hard way
2. Pay an extra US$115-200 for a certificate and key
Anybody else gone through this recently?