Menu

Supporting Additional Code Signing Ordering Options

Sep 14, 2021

Supporting Additional Code Signing Ordering Options

Introduction


Currently, GlobalSign only support SafeNet & WatchData USB Tokens for Standard Code Signing pickup & installation. However, the Minimum Requirements for Code Signing allow keys to be stored on Smart Cards, Crypto Tokens, TPMs, HSMs, and as .pfx/.jks on removable non-crypto hardware such as a USB Flash Drive or SD Card provided the hardware is disconnected when signing is not in progress. By only supporting the Crypto USB Tokens, the usability of the product is greatly diminished. It has broken implementations for many customers rendering the certificates unusable.

  • Tokens cannot be accessed via Remote Desktop. This is a problem for distributed teams. 
  • The tokens are not friendly towards automated build processes. 
  • Some software requires a selectable .pfx or .jks file to sign and are not compatible with Tokens.


Hence, starting June 26, 2017, GlobalSign will provide support for the HSM (Hardware Security Module) which is a physical computing device that provides crypto process and can be attached directly to a computer or network server. Customers will have the following options available to them:

  • CodeSigning certificate with USB Token
  • CodeSigning certificate without USB token
  • CodeSigning certificate in .pfx or .jks format


Timeline

February 1, 2017 Microsoft adopted the CA Security Council's Minimum Requirement for Code Signing
January 30, 2017 GlobalSign started adopting the CA Security Council's Minimum Requirements for Code Signing
June 26, 2017 GlobalSign provides support for additional Code Signing ordering options 


Code Signing Ordering Options and Delivery Matrix

Ordering Option Ordering Steps Pickup Steps Pickup Option
HSM Create Pickup Password Enter Pickup Password
Paste in CSR		 CSR (PKCS#10) Entry


References

Related Articles

How to Transfer an SSL Certificate

Oct 3, 2020, 12:07 PM

This article provides step-by-step instructions for ordering a new SSL certificate, such as a DomainSSL, OrganizationSSL, and ExtendedSSL, including how to switch from a competitor. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

DNS CAA Checking FAQ

Mar 8, 2020, 4:11 PM

GlobalSign offers two types of Code Signing Certificates. The methods and requirements to sign code vary from platform to platform often creating confusion for the end user.

Read More

Email Security - PersonalSign

Oct 21, 2013, 4:07 AM

PersonalSign Certificates use Secure/Multipurpose Internet Mail Extensions (S/MIME) technology to allow users to digitally sign and encrypt email. Digitally signing emails protects the origin and authenticity of an email.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support