Code Signing Certificate Prices will Soon Increase by 300-400% Due to New CA Regulations
CAs to Raise Code Signing Certificate Prices – New Industry Standards Expected
As a software developer or publisher, you are likely familiar with code signing certificates. These certificates are used to digitally sign software code and executable files to ensure their authenticity and integrity.
Recently, the industry has undergone several changes: the Certification Authority/Browser (CA/B) Forum announced enhanced security standards that take effect on June 1, 2023. To align with these changes, certificate prices are set to increase dramatically, by up to 300 to 400%.
In this article, we’ll explore the upcoming price hikes and what they mean for developers and publishers.
Code Signing Certificate Price Hikes
Starting June 1, 2023, new regulations from the CA/B Forum will require all code signing certificates to be issued on hardware tokens. This is a significant change from the current system, where certificates are issued on software-based platforms. While the move to hardware tokens is designed to increase security, it comes with a hefty price tag.
According to industry insiders, the cost of code signing certificates is expected to increase by 300-400% due to the new regulations. The increase covers additional processes, transportation, hardware, and so on. This means developers and publishers must budget significantly more for their code signing needs.
According to official statements, starting June 1, 2023, organizations will only receive the private key for a Standard Code Signing Certificate in an HSM (Hardware Security Module). The CA must raise the price of the certificate to cover its costs, as providing a cryptographic key in a hardware token requires more time and money from them.
After the specified date, no one can obtain a private key using the web-based method. Additionally, the sale of software-based OV certificates will stop.
Moreover, certificate providers are modernizing their processes to comply with the new rules. They will soon begin offering Standard Code Signing Certificates based on HSMs.
Price Increases for Code Signing Certificates by DigiCert & Sectigo
Increasing security often requires time and money, and that is undoubtedly the case here. Certificate Authorities are introducing new pricing for code signing certificates that includes hardware and shipping costs in addition to the certificate’s cost.
Once the new regulations are in effect, every organization getting a Code Signing Certificate must keep the private key in a hardware token. You can have the CA send you a private key in an HSM or use your own hardware device. However, you must ensure your device complies with the FIPS 140 Level 2 standard.
DigiCert Certificate Price Hikes
DigiCert announced that its code signing certificate prices would increase by 300% starting in January 2023. The company cites the new hardware token requirement as the reason for the price hike.
- The cost of OV code signing certificates from DigiCert won’t change: $539 (MSRP for one year)
- The cost of a hardware token supplied by DigiCert will increase by $120 as of June 1, 2023.
- Customers may use their existing compliant token, HSM, or key vault instead of buying a physical token from DigiCert.
Sectigo Certificate Price Hikes
Sectigo, another major provider of code signing certificates, has also announced price increases. While the company has not released specific details on the price changes, it has stated that they will be “significant.”
Sectigo is planning to change the prices in two stages:
- Prices for code signing certificates rose on March 7 from $179 to $379 (MSRP for one year).
- Sectigo will start charging $50 for a token plus a $40 to $90 shipping fee on May 8.
- Customers who own Thales/SafeNet Luna, NetHSM, or Yubico FIPS YubiKey hardware may decide not to buy a token from Sectigo (ECC keys only).
What’s So Special About These Hardware Tokens?
These tokens may look like any cheap USB drive that has been resting in the cupboard for ages, but they are much more than that. These tokens must be FIPS 140 Level 2 or Common Criteria EAL 4+ certified to comply with CA/B Forum requirements.
These tokens are specialized cryptographic devices similar to hardware security modules (HSMs) or Trusted Platform Modules (TPMs). They contain hardware and software features to carry out cryptographic activities while maintaining the key’s security.
Code Signing Certificate Keys
Hardware tokens are designed to provide an extra layer of security for code signing certificates. Instead of certificates being issued on software-based platforms, hardware tokens require physical possession of the token to sign code. This helps prevent unauthorized access and ensures the authenticity of the code.
However, the move to hardware tokens also comes with some challenges. Developers and publishers must ensure they can access the necessary hardware to sign their code. This may require significant investment in new equipment, which may be challenging for smaller organizations to afford.
Additionally, hardware tokens can be lost or damaged, which could lead to significant downtime for developers and publishers. Organizations need backup plans to ensure they can continue to sign code in the event of hardware failure.
The upcoming changes by the CA/B Forum will dramatically increase code signing certificate prices. While the move to hardware tokens is designed to improve security, it also presents some challenges for developers and publishers.
Organizations must budget accordingly and have the necessary hardware and backup plans to minimize downtime. As always, it’s essential to work with a reputable certificate authority to ensure the authenticity and integrity of your site.