Implementation of a new policy in the protection of the private key in Code Signing certificates
According to CA/B Forum Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates and HARICA’s Certificate Policy and Certification Practices Statement for the Hellenic Academic and Research Institutions Public Key Infrastructure (CP/CPS), starting June 1, 2023, it will be mandatory for Code Signing Certificates to have their private keys stored in hardware devices such as tokens or Hardware Security Modules (HSMs) with at least security standard of FIPS 140-2 level 2 or Common Criteria EAL 4, following the existing requirements for Extended Validation Code Signing Certificates.
This new policy optimizes the protection of private keys and upgrades the security of Code Signing Certificates.
What are the policy changes for Code Signing certificates?
Starting June 1, 2023, HARICA will exclusively issue Code Signing Certificates to hardware devices (tokens).
If subscribers prefer to use their own device, this must meet the minimum security standards of FIPS 140-2 level or Common Criteria EAL 4+.
To request for a new Code Signing Certificate, subscribers can submit their requests through our portal cm.harica.gr. Once the certificate is issued, if needed, we will send a token to the subscriber’s preferred address via courier.
We would like to emphasize that HARICA maintains consistent pricing for Code Signing Certificates. This means that the cost of acquiring a Code Signing Certificate and the hardware device remains unchanged.
What will happen to Code Signing Certificates issued prior to June 1, 2023?
Code Signing Certificates issued prior to June 1, 2023, will remain valid until their expiration date. Subscribers of these certificates do not need to take any action. The changes introduced only to Code Signing Certificates that will be issued on or after June 1, 2023.
How will HARICA’s Code Signing Certificates be renewed after June 1, 2023?
Code Signing Certificates that have been purchased in the years 2022 and 2023 for more than three (3) years and their renewal occurs after June 1, 2023, HARICA will provide the necessary token at no additional cost to the subscribers.
Do you have additional questions or concerns?
If you have questions or need more information, please contact the HARICA support at firstname.lastname@example.org.