In this update we would like to inform you about a number of relevant external developments, which, for example, also affect our validation procedures. This is all to make the client certificate request process easier.
This message applies to customers who generate their own CSR and send it to us.
Minimum key length Code Signing certificates to 3072 bits
The CA/Brower forum has tightened the requirements for code signing certificates; from June 1, 2021, a minimum key length of 3072 bits is required. Currently, the minimum key size is still 2048 bits. The reason for this is to improve security, in order to be better prepared for future technological advances that enable additional computing power.
Vulnerability in OpenSSL
In OpenSSL, widely used software for setting up HTTPS connections, two vulnerabilities were found at the end of March that can lead to reduced accessibility of websites. Do you use OpenSSL? Then check your OpenSSL version so that you can update quickly if necessary.
End of TLS 1.2 in sight
In January, the National Cyber Security Center (NCSC) amended its security guidelines, including the recommendation to switch to the encryption protocol TLS 1.3. This protocol is more resistant to (future) attack techniques and is also easier to securely configure than its predecessor TLS 1.2
Validation procedure changes digital signatures
The controls for the issuance of certificates are continuously monitored and tightened up if necessary. Recently, two changes have been made in the field of digital signatures:
From March 2021, it is necessary to send a copy of the applicant’s ID when applying for a Sectigo code signing and EV code signing certificate. Both a passport, identity card and driver’s license are allowed.
From April 2021, an additional validation of the applicant is required to apply for an Ensured eSign (personal) certificate. We do this by signing a short contract, and in specific cases – such as a sole proprietorship or an application from an HR department – via a short video call, in which the applicant is asked to show his ID.
For more information please email us firstname.lastname@example.org