As of May 15, 2023, InCommon Certificate Service code signing certificates are only available on special secure hardware tokens (Hardware Security Modules). It will no longer be possible to store the private key for code signing certificates directly on university computers.
This change is industry-wide and greatly improves the security of code signing certificates and reduces the chances of theft and misuse that could negatively affect the university’s trustworthiness and reputation.
Units that currently use code signing certificates or that might start using them soon should plan on purchasing a hardware token (typically under $100) before they need to renew or obtain a code signing certificate. It may take up to several weeks to obtain and set up a hardware token. Once a unit has purchased and set up a hardware token, it can be used for multiple code signing certificates each of which can be issued or renewed within two to three business days.
Additional information is available in the “Code Signing Certificates” section of the InCommon Certificate Service page on the ITS website.
For assistance, contact incommon-certificate-service@umich.edu.
