Code Signing Certificates Price Hike up to 3X to 4X Due to New CA/B Forum Regulations

Sectigo Code Signing Certificate Price Changes

The price of OV and EV Code Signing Certificates is about to increase by 3x to 4x. There is a valid reason behind it, which you should know and understand.

However, SignMyCode doesn’t let its customers pay the additional cost. That’s why we have also brought the solution for getting Code Signing Certificates at the cheapest price.

So, let’s look at the reason behind the hike and how to grab the lowest price deal.

The New CA Policies Coming Into Action

The reason behind the changes in the Code Signing Certificate price is the introduction of new issuance policies by Certificate Authorities.

According to the official announcements, from May 15, 2023, organizations will receive the private key for a Standard Code Signing Certificate only in an HSM (Hardware Security Module). Because delivering a cryptographic key in a hardware token increases the CA’s cost and effort, the certificate’s price rises to cover those expenses.

From that date, no one will be able to receive a private key through the web-based mechanism, and the sale of software-based OV certificates will also end.

Additionally, to comply with the new guidelines, certificate providers are updating their operations. Soon they will start providing HSM-based Standard Code Signing Certificates. SignMyCode has also started to upgrade its services and prices for OV and EV Code Signing Certificates.

Why Are CAs Implementing Such Changes?

The primary reason for introducing HSMs for OV Code Signing Certificates is to strengthen software security. Recently, security professionals have observed a drastic rise in key breaches due to a lack of security. Therefore, to prevent such incidents, CAs have decided to require an HSM for standard certificates.

It will help organizations comply with private key security best practices and protect the key from unauthorized persons. With an HSM, only people with access to the physical token will be able to sign the software, and the possibility of key theft through system exploitation will drop to nearly zero.

In addition, the keys will be stored in a FIPS-140 Level 2 hardware token, assuring their integrity, confidentiality, and availability.

Impact of New Code Signing Certificate Protocols

The new Code Signing Certificate protocols have the following impact on organizations:

Mandatory Use of Hardware Security Module

Once the new rules get implemented, every organization receiving the Code Signing Certificate will need to store the private key in a hardware token.

You can choose to receive the private key in an HSM from the CA, or you can use your own hardware module for it. In that case, you need to make sure that your token complies with the FIPS-140 Level 2 standard.

Need of HSM While Signing

Currently, organizations use software-based code signing certificates, in which everything is available in a single PFX file. Once an HSM comes into play, you need to plug it into the signing machine. Otherwise, you will not be able to sign and timestamp the executable files, leaving them vulnerable to unauthorized modification.

Therefore, OV and EV signing procedures will consist of almost the same steps.

Hike in Price

With the introduction of HSMs, CAs are going to focus more on securely shipping private keys. That requires additional resources, effort, and cost, and to cover those expenses the price of Standard and EV Code Signing Certificates will increase accordingly.

For better security with an OV certificate, organizations need to pay a little extra.


What To Do To Save Money?

The price is going to increase for OV and EV Code Signing Certificates. But, you can still save your money by purchasing the certificates before 1st April 2023.

You only have to go to the SignMyCode product page, select the certificate with a three-year validity plan and complete the payment. The certificate you purchase will work as a software-based solution regardless of the change in policies and price.

As a result, you will save the effort and resources needed to manage hardware tokens, along with the additional cost, and you will also get all the SignMyCode post-purchase benefits.

What Will Happen To The Current Certificate?

You don’t need to worry about current Code Signing Certificates, as they will work completely fine until their expiration. After that, you need to purchase a certificate according to new policies and prices.

But if your software publisher certificate is going to expire soon, you should buy a Code Signing Certificate with a three-year plan from SignMyCode. It will help you seamlessly sign unlimited software, scripts, and applications. This is the best time to take advantage of such deals and lock them in for the next three years.

Wrapping Up

Certificate Authorities are modifying their rules so that private keys for OV Code Signing Certificates are issued in a hardware token. To carry this out, their operating costs are increasing, leading to a hike in the price of signing certificates.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
