Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option | Shipping Details |
---|---|
USB Token + Shipping (US) | Ground shipping to addresses within the United States. |
USB Token + Expedited Shipping (US) | Air express shipping to addresses within the United States. |
USB Token + International Shipping (non-US) | Choose this option if your shipping address is not in the United States. |
Important: Shipping options selected when purchasing the product are only used to cover general shipping costs; they are not indicative of where the token will be shipped from. This product may ship internationally. Import duties, taxes, and brokerage fees may be charged by your country’s customs authority. These charges are not included in the product price or shipping cost and are the customer’s responsibility.
You’ll be able to plug the USB token into your computer or server, then sign files using your preferred tool (e.g., SignTool.exe, JarSigner, etc.).
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device: