20210514 - Key size increase for code signing certificates
The CA/B Forum recently decided to increase the key size for RSA code signing certificates. For security reasons, the key size will be increased to 3072 bits as of June 1st, 2021.
What are the consequences for currently valid certificates?
None. Your certificates will keep working normally until their expiration date.
And in case of reissuance?
GlobalSign certificates
In case of reissuance, your new certificate will be issued from a 4096-bit key. A new token compatible with that key length will then be provided.
DigiCert & Sectigo certificates
In case of reissuance a new 3072-bit CSR will be requested. The certificate will also be chained to a new certification chain compliant with the new standard.
What about new orders?
GlobalSign certificates
The GlobalSign certificates will be delivered on a new token able to handle 4096-bit keys. A new time stamping server has been released for those certificates.
DigiCert & Sectigo certificates
The issuance of DigiCert code signing certificates will require a 3072-bit CSR. They will be chained to a new certification chain compliant with the new standard.