en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

New Minimum RSA Key Size for Code Signing Certificates

Beginning on May 31, 2021, the minimum RSA key size for code signing and EV code signing certificates issued by SSL.com will increase from 2048 to 3072 bits. SSL.com is making this change as part of its continual effort to follow current industry best practices and remain in compliance with all applicable standards, including the CA/Browser forum’s Baseline Requirements for code signing and EV code signing guidelines. Minimum sizes for ECC code signing keys will remain unchanged. SSL.com’s customers can expect the following effects from this change:

  • Code signing and EV code signing certificates issued before May 31, 2021 (including those with 2048-bit RSA keys) will continue to work as usual until they expire. So, if you already have a code signing certificate, no action is necessary at the present time.
  • eSigner EV code signing certificates will be issued with 3072-bit RSA keys following this change. If you have already enrolled an EV code signing certificate in eSigner, no further action is necessary.
  • Because the YubiKey FIPS tokens we use to distribute EV code signing certificates do not support RSA keys larger than 2048 bits, SSL.com will begin issuing ECC EV code signing certificates on YubiKey. Therefore, you should now choose only the ECCP256 or ECCP384 algorithm when generating keys for a new EV code signing certificate on Yubikey, not RSA2048:
    YubiKey Manager key selection

As always, if you have any questions about the new key size requirements or any other issue relating to SSL.com’s products and services, please contact us by email at Support@SSL.com, by phone at 1-877-SSL-SECURE, or by using the chat link on this page. You can also find answers to many common support questions in the SSL.com knowledgebase.

EV Code Signing certificates from SSL.com may now be enrolled in be enrolled in eSigner,  SSL.com’s cloud-based code and document signing platform (currently in public beta). If you have purchased an EV code signing certificate from SSL.com and would like to enroll it in the public beta of eSigner, please fill out the eSigner beta registration form and a team member will contact you with enrollment details.

REGISTER FOR eSIGNER BETA

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com