The Certificate Authority Security Council's (CASC) Minimum Requirements for the Issuance and Management of Code Signing Certificates are required by all Certificate Authorities (CAs) in order for their Code Signing Certificates to be trusted in the Windows platforms.
The Minimum Requirements specify that CAs shall ensure stronger protection for private keys. All EV Code Signing Certificates, will require a USB token. All New and Renewal EV Code Signing orders will require a USB token to store the Certificate and protect the private key. Also, all standard Code Signing products - except for EV Code Signing - will be integrated to one “multi-platform” Code Signing Certificate.
Standard CodeSigning will no longer required to be provided on a token, as you will now have the option to generate and install your CodeSigning certificate on one of the following:
The Minimum Requirements specify standardized and strict identity verification practices. GlobalSign requires Code Signing Certificates to contain State and/or Locality in the subjectDN.
The Minimum Requirements specify timestamping requirements. GlobalSign's dedicated Code Signing timestamp URLs for this purpose are listed below:
|Hashing Algorithm||New Timestamp URL|
The Minimum Requirements specify standardized requirements for problem Certificate reporting and revocation. "Problem Certificates" are Certificates suspected of private key compromise, used to sign suspect or malicious code, etc.
Most likely, a revocation will be requested by a malware researcher or an application software supplier, such as Microsoft, where users of their software may be installing suspect code or malware. In this case, if Microsoft were to ask GlobalSign to revoke the Certificate, within two days the Certificate must be revoked or Microsoft must be informed that GlobalSign has started an investigation. Problem Certificates can be reported directly through our website at: https://www.globalsign.com/en/report-abuse/
For more information, please refer to our blog post What Do The New Code Signing Certificate Requirements Mean For Developers.
If you'd like to know more about our Code Signing Certificates, read our Code Signing FAQ Support Article.