Advisory

New Requirements related to Private Key protection for CodeSigning Certificates

Aug 19, 2025

The Certificate Authority/Browser (CA/B) Forum has introduced updates to Baseline Requirements (BRs) for issuing CodeSigning Certificates. Effective 1st June 2023, a private key should be generated and protected in a FIPS 140‐2 Level 2 or Common Criteria EAL 4+ compliant devices for both Standard and EV CodeSigning Certificates. This would mean for Standard CodeSigning Certificate users, the key pair must be generated and stored in a hardware crypto module that meets or exceeds the requirements of FIPS 140-2 level 2 or Common Criteria EAL 4+. In addition, the updates stipulates specific ways on how CA should ensure that private key is generated and protected on the compliant device.

Read More

Expiration of KMCS Certificates

Aug 19, 2025

In the past, Customers signing software or drivers that were to be executed in Windows Kernel Mode, could use any GlobalSign Code Signing Certificate along with the Microsoft Cross Certificate linking back to the GlobalSign Root R1. This Cross Certificate will expire on April 2021 and Microsoft will not be issuing trusted Cross Certificates for this purpose anymore.

Read More