Supporting Additional Code Signing Ordering Options

Sep 14, 2021

Supporting Additional Code Signing Ordering Options

Introduction


Currently, GlobalSign only support SafeNet & WatchData USB Tokens for Standard Code Signing pickup & installation. However, the Minimum Requirements for Code Signing allow keys to be stored on Smart Cards, Crypto Tokens, TPMs, HSMs, and as .pfx/.jks on removable non-crypto hardware such as a USB Flash Drive or SD Card provided the hardware is disconnected when signing is not in progress. By only supporting the Crypto USB Tokens, the usability of the product is greatly diminished. It has broken implementations for many customers rendering the certificates unusable.

  • Tokens cannot be accessed via Remote Desktop. This is a problem for distributed teams. 
  • The tokens are not friendly towards automated build processes. 
  • Some software requires a selectable .pfx or .jks file to sign and are not compatible with Tokens.


Hence, starting June 26, 2017, GlobalSign will provide support for the HSM (Hardware Security Module) which is a physical computing device that provides crypto process and can be attached directly to a computer or network server. Customers will have the following options available to them:

  • CodeSigning certificate with USB Token
  • CodeSigning certificate without USB token
  • CodeSigning certificate in .pfx or .jks format


Timeline

February 1, 2017 Microsoft adopted the CA Security Council's Minimum Requirement for Code Signing
January 30, 2017 GlobalSign started adopting the CA Security Council's Minimum Requirements for Code Signing
June 26, 2017 GlobalSign provides support for additional Code Signing ordering options 


Code Signing Ordering Options and Delivery Matrix

Ordering Option Ordering Steps Pickup Steps Pickup Option
HSM Create Pickup Password Enter Pickup Password
Paste in CSR
CSR (PKCS#10) Entry


References

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support