The change in the rules for issuing public OV code signing certificates has been postponed until 1 June 2023

As we published previously, the CA/B Forum proposed a start date of 15 November 2022 for switching to storing private keys for OV code signing certificates on devices that meet FIPS 140 Level 2, Common Criteria EAL 4+ or similar security standards.

However, the decision was made to extend the transition period.

It will now be mandatory to use secure tokens for OV code signing from 1 June 2023.

Why have the transition dates changed?

It transpired that certification authorities and users need more time to prepare and update their infrastructure. According to Keyfactor, on average, each organisation has about 25 code signing certificates, while only half of the companies (about 51%) store them on special HSM modules.

Current supply chain issues and rising costs make it difficult to move to secure tokens.

I have an OV code signing certificate, what should I do?

The changes do not affect currently issued certificates. They are valid until the expiry date. You don't need to take any action.

If you have an expiring code signing certificate, you can renew it according to the old scheme until you switch to the new standard.

Certification authorities must complete the transition to hardware tokens by 1 June 2023. If you have any questions, you can address them to our support specialists during business hours.