Code Signing Certificate (CSC)

CSCs are generally only valid for two years and must then be renewed.

Since June 2023, due to higher security requirements, private keys for standard code signing certificates must be stored on hardware that complies with at least

• FIPS
• Common Criteria EAL4
• or an equivalent standard.

This also applies to the use of HSMs or special USB tokens. When ordering CSCs via HARICA, you can order a corresponding HSM for a low price of 40 euros.

Ordering

All members of Graz University of Technology can order CSC via HARICA's Certificate Manager, but this has to be paid (EUR 240 for 2 years including the HSM).

To do so, first select Academic Login, search for Graz and select Graz University of Technology, and log in to the SSO system of Graz University of Technology.

Then go to the Code Signing section and select For enterprises or organizations (OV). Under Cryptographic device (token), click Add. In the Select the duration of your certificate section, select 2 years:

Then click Next.

In the next window, fill at least in all the required fields:

• Graz University of Technology
• Austria
• Graz
• Your email address
• Rechbauerstraße 12, 8010 Graz
• VAT: ATU 574 77 929

Answer the next question with More.

In the next window, select A. Use of the verified method of communication. Click Next to see a summary of your order

Confirm the details, and click Next again to open a window where you can decide whether you want to upload your own CSR or have HARICA generate one.

If you decide to let HARICA generate it, leave the default values in the next window, set a password that you can remember, and confirm that only you know this password.

Now click on Generate Private Key, CSR, and submit order.

tbc.