{"id":16319,"date":"2023-03-22T17:15:44","date_gmt":"2023-03-22T21:15:44","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=16319"},"modified":"2023-03-28T12:21:01","modified_gmt":"2023-03-28T16:21:01","slug":"code-signing-price-changes-as-cas-align-with-new-industry-standards","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/code-signing-price-changes-as-cas-align-with-new-industry-standards\/","title":{"rendered":"Code Signing Price Changes as CAs Align With New Industry Standards"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-digicert-sectigo-code-signing-certificate-pricing-is-changing-as-they-adopt-new-ca-b-forum-standards\">DigiCert &amp; Sectigo code signing certificate pricing is changing as they adopt new CA\/B Forum standards<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As we <a href=\"https:\/\/www.thesslstore.com\/blog\/ov-code-signing-key-storage-requirement-changes-pushed-to-2023\/\">reported last year<\/a>, the Certificate Authority &amp; Browser (CA\/B) Forum is requiring enhanced security standards for <a href=\"https:\/\/www.thesslstore.com\/products\/code-signing-certificates.aspx\">code signing certificates<\/a> starting June 1, 2023. The good news: your code will be safer. The bad news: since these changes necessitate additional processes, hardware, and shipping costs, this (as expected) is resulting in a price increase for code signing certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Additionally, we took this opportunity to make our code signing provisioning process better and more user-friendly. So, keep an eye out for some new streamlined workflows on TheSSLstore.com coming very soon; these are expertly designed to make it easy for you to breeze through the new processes. In the meantime, here\u2019s what you can learn to expect with the code signing provisioning and price changes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-quick-recap-what-are-the-new-ca-b-forum-changes-for-code-signing\">Quick Recap: What are the New CA\/B Forum Changes for Code Signing?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You can check out <a href=\"https:\/\/www.thesslstore.com\/blog\/changes-coming-to-ov-code-signing-certificates-keys-starting-nov-15\/\">our blog post from 2022 if you want to read the full details<\/a>, but the TLDR is:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2-1024x640.jpg\" alt=\"A photo of a hardware security token\" class=\"wp-image-16320\" width=\"363\" height=\"226\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2-1024x640.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2-300x188.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2-768x480.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2-1536x960.jpg 1536w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ev-certificate-token2-v2.jpg 1600w\" sizes=\"auto, (max-width: 363px) 100vw, 363px\" \/><figcaption class=\"wp-element-caption\">An example of a hardware security token.<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Starting <strong>June 1, 2023<\/strong>, code signing certificate keys must be stored on a hardware security module or token that\u2019s certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This is intended to fight against an increasingly common problem\u2014stolen code signing keys being used to sign and distribute malware.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To meet these new requirements, CAs will (in most cases) ship a compliant hardware token to the customer as part of the code signing product purchase.<\/p>\n\n\n<span style=\"--tl-form-height-m:140.469px;--tl-form-height-t:116.8555px;--tl-form-height-d:116.8555px;\" class=\"tl-placeholder-f-type-shortcode_16066 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-digicert-sectigo-increase-prices-for-code-signing-certificates\">DigiCert &amp; Sectigo Increase Prices for Code Signing Certificates<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As is often the case, increasing security takes time and money\u2014and that\u2019s certainly the case here. With hardware and shipping costs added to the price of the code signing certificate, Certificate Authorities are introducing new pricing for code signing certificates.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-digicert\">DigiCert<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DigiCert\u2019s price for OV code signing certificates will stay the same: $539 (MSRP for 1 year)<\/li>\n\n\n\n<li>Starting <strong>June 1<\/strong>, DigiCert will begin charging <strong>an additional $120<\/strong> for a DigiCert-provided hardware token.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Customers who already have a compliant token, HSM, or key vault may use it instead of purchasing a DigiCert-provided hardware token.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-sectigo\">Sectigo<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Sectigo is changing their prices in two phases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On <strong>March 7<\/strong>, code signing certificate prices were <strong>increased to $379<\/strong> (MSRP for 1 year) from $179.<\/li>\n\n\n\n<li>Starting <strong>May 8<\/strong>, Sectigo will add a <strong>$50 token fee<\/strong> and a <strong>$40-90 shipping fee<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Customers may choose not to purchase a token from Sectigo if they have a Thales\/SafeNet Luna or NetHSM device, or Yubico FIPS Yubikey (ECC keys only).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Other CAs are also updating their code signing prices\u2014you can expect to see new pricing from all code signing providers by about June 1 at the latest.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-these-hardware-tokens\">What Are These Hardware Tokens?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You might be surprised by the cost of these hardware tokens if you\u2019re comparing them to typical USB flash drives. You might be thinking: \u201cFor just a couple bucks, I can get a USB drive with gigabytes of storage\u2026way more than is needed to store a certificate and key. What\u2019s the deal?\u201d However, these aren\u2019t typical USB drives.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The CA\/B Forum standards require tokens certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. These tokens include hardware and software features to run cryptographic operations while keeping the key secure\u2014they\u2019re specialized cryptographic devices similar to <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-hardware-security-module-hsms-explained\/\">hardware security modules<\/a> (HSMs) or <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-tpm-security-trusted-platform-modules-explained\/\">Trusted Platform Modules<\/a> (TPMs).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-don-t-want-to-mess-with-tokens-switch-to-a-signing-platform\">Don\u2019t Want to Mess with Tokens? Switch to a Signing Platform<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Code signing platforms such as DigiCert Software Trust Manager store the certificate keys in an HSM. That means you don\u2019t need to worry about hardware tokens\u2014just log in to the platform and sign your code.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<h2 class=\"wp-block-heading\" id=\"h-simplify-code-signing\">Simplify Code Signing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Schedule a demo to see how DigiCert Software Trust Manager makes code signing easy <strong><em>and<\/em><\/strong> secure.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/pki.thesslstore.com\/code-signing-contact\/\">Schedule Demo<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"359\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/software-trust-manager-dashboard.png\" alt=\"A screenshot of the DigiCert Software Trust Manager dashboard\" class=\"wp-image-16323\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/software-trust-manager-dashboard.png 706w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/software-trust-manager-dashboard-300x153.png 300w\" sizes=\"auto, (max-width: 706px) 100vw, 706px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">All in all, the code signing industry changes are happening and there\u2019s only so much that can be done to minimize the impact. One quick suggestion is to purchase a 3-year certificate now and get it issued before the cut-off date and you won\u2019t have to deal with tokens for the next few years.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you have any further questions, please reach out to our team and we will help you navigate the new processes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DigiCert &amp; Sectigo code signing certificate pricing is changing as they adopt new CA\/B Forum standards As we reported last year, the Certificate Authority &amp; Browser (CA\/B) Forum is requiring&#8230;<\/p>\n","protected":false},"author":28,"featured_media":16337,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17,10200],"tags":[4969],"class_list":["post-16319","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","category-monthly-digest","tag-code-signing","post-with-tags"],"views":11367,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/03\/ca-prices-changing-feature2.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=16319"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16319\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/16337"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=16319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=16319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=16319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}