LeaderSSL Support: offline:
Mo - Fr 9:00 - 18:00 CET time
Customer service Billing:

Monday — Friday:
9:00 - 18:00 CET time

Technical Support:

Monday — Friday:
9:00 - 18:00 CET time

Ordering system/certificate issuance:

24/7

LeaderTelecom B.V. is VAT-registered with the UK’s HM Revenue and Customs (HMRC) and has a UK VAT number (GB373878249) , so we can charge UK VAT as normal. All invoices for UK customers now include 20% VAT, although still denominated in EUR as the company’s tax residency is the Netherlands.

News

The procedure for issuing public OV Code Signing certificates has changed

According to the SSL industry regulator CA/B Forum, starting November 15, 2022, private keys for OV Code Signing certificates must be stored on devices that meet FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent security standards. As a result, the protection of the private key will be strengthened and brought to the level of EV (Extended Validation).

Changes to the OV Code Signing issuance will affect all certificates issued, reissued or renewed from November 15, 2022.

Users will no longer have to make CSR requests on their own, since now all the technical parts of issuing a Code Signing certificate will be carried out on the side of the Certification Authority (CA).

According to the new rules, private keys and certificates must be stored on tokens or on HSM modules (hardware security modules) that are certified according to standards that are not lower than FIPS 140-2 Level 2 or Common Criteria EAL 4+.

How the code signing process will be implemented from November 15, 2022

To use a Code Signing certificate stored on a token/HSM, the user will need physical access to that device, as well as credentials to use the certificate.

To sign their code, the user will need to connect the token/HSM with the certificate to the computer, and then use a unique password for additional security.

How the ordering and renewal of Code Signing certificates will work from November 15, 2022

In the case of ordering or renewing a Code Signing certificate, the user will need to select the appropriate delivery method. In other words, you will need to select the type of device on which the private key will be delivered. CAs offer three delivery options:

  • On a physical token (preinstalled certificate).
  • On the HSM module.
  • Using your own supported token.

As we noted above, tokens and HSM modules must meet FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent security standards. To use the HSM module, you will need to send an attestation letter to the CA with information about the audit passed.

How the reissue of Code Signing certificates will take place from November 15, 2022

In the case of reissuing a Code Signing certificate, users will need to install the certificate on a supported token/HSM. If the user does not have a token, then in this case it will need to be additionally ordered.

At the moment, certification authorities (CAs) are establishing a procedure for buying tokens when reissuing Code Signing certificates. As soon as the prices and conditions of the purchase are known, we will add the relevant information to the site.

The full rules for issuing OV Code Signing certificates can be found in the Baseline Requirements (BR) for the Issuance and Management of Code Signing (v. 2.8) document, which is available on the CA/B Forum website.

Subscribe to our newsletter to keep up with the latest events from the world of SSL!  


Are you ready to try?


Yes! Let's do it for free!

Have any questions?
Call us now +31 20 7640722