
Upcoming Change: new Devicie code signing certificate

From November 17th, 2025, Devicie will switch to a new code signing certificate. The certificate provider will change, which may impact customers using application control.

 

Devicie will soon be moving its Code Signing Certificate to an HSM (Hardware Security Module) vault as part of general maintenance and as an opportunity to enhance current practices. This means that the certificate provider will change for all Devicie managed applications. This will directly impact customers who are using application control technologies.

Affected customers

  • Customers using application control technologies such as WDAC (Windows Defender Application Control), App Control for Business, AppLocker, Airlock, ThreatLocker or any others.
  • Customers using publisher certificate based allow listing rules for application control.

✏️ Note: application control is one of the Essential Eight mitigation strategies. If your organisation is aligned to Essential Eight (or in the process of implementing Essential Eight policies) then you may be impacted by this change.

Affected application types

  • Devicie Catalog applications
  • Devicie bespoke applications
  • Devicie Telemetry App

Required action

If you meet the affected customer criteria above, then you will need to update your allow listing rule configuration by following the instructions below.

WDAC / App Control for Business

If you have currently configured publisher certificate rules, then you should have a current rule that looks like this:

<Signer ID="ID_SIGNER_S_E9" Name="Sectigo Public Code Signing Root R46">
<CertRoot Type="TBS" Value="A229D2722BC6091D73B1D979B81088C977CB028A6F7CBF264BB81D5CC8F099F87D7C296E48BF09D7EBE275F5498661A4"/>
<CertPublisher Value="Devicie Pty Ltd"/>
</Signer>

To prepare for the upcoming certificate change, you need to add the following publisher rule alongside your existing one:
 

<Signers> section:

<Signer ID="ID_SIGNER_S_DEVICIE" Name="Verokey High Assurance Secure Code EV">
<CertRoot Type="TBS" Value="7AD015EE948651896BD2EC10FC5B142BDBACA6B81EDAAB5AE8473A7D18B049C55100BF3A526AE4F056343C218B6F3361"/>
<CertPublisher Value="Devicie Pty Ltd"/>
</Signer>

<AllowedSigners> section:

<AllowedSigner SignerId="ID_SIGNER_S_DEVICIE"/>

<CiSigners> section:

<CiSigner SignerId="ID_SIGNER_S_DEVICIE"/>
 
Your current rule should look like this:

<Signer ID="ID_SIGNER_S_E9" Name="Sectigo Public Code Signing Root R46">
<CertRoot Type="TBS" Value="A229D2722BC6091D73B1D979B81088C977CB028A6F7CBF264BB81D5CC8F099F87D7C296E48BF09D7EBE275F5498661A4"/>
<CertPublisher Value="Devicie Pty Ltd"/>
</Signer>
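
One way to check an edited policy before deploying it, as an added example that is not part of Devicie's instructions: the Python script below confirms that both the current and the new Signer rules are present and that every AllowedSigner and CiSigner entry refers to a Signer ID that exists exactly as written (a stray space or typo in a SignerId leaves the new rule unreferenced). The trimmed sample policy and the function names are constructed for illustration; the TBS hashes and publisher name are the ones given above.

```python
import xml.etree.ElementTree as ET
# TBS hashes and publisher name copied from the article above.
OLD_TBS = "A229D2722BC6091D73B1D979B81088C977CB028A6F7CBF264BB81D5CC8F099F87D7C296E48BF09D7EBE275F5498661A4"
NEW_TBS = "7AD015EE948651896BD2EC10FC5B142BDBACA6B81EDAAB5AE8473A7D18B049C55100BF3A526AE4F056343C218B6F3361"
PUBLISHER = "Devicie Pty Ltd"
# Constructed, trimmed policy skeleton for the demo (not a deployable policy).
# {old}, {new} and {ref} are filled in by the caller.
SAMPLE = """<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<Signers>
 <Signer ID="ID_SIGNER_S_E9" Name="Sectigo Public Code Signing Root R46">
  <CertRoot Type="TBS" Value="{old}"/><CertPublisher Value="Devicie Pty Ltd"/>
 </Signer>
 <Signer ID="ID_SIGNER_S_DEVICIE" Name="Verokey High Assurance Secure Code EV">
  <CertRoot Type="TBS" Value="{new}"/><CertPublisher Value="Devicie Pty Ltd"/>
 </Signer>
</Signers>
<SigningScenarios><SigningScenario Value="12"><ProductSigners><AllowedSigners>
 <AllowedSigner SignerId="ID_SIGNER_S_E9"/><AllowedSigner SignerId="{ref}"/>
</AllowedSigners></ProductSigners></SigningScenario></SigningScenarios>
<CiSigners><CiSigner SignerId="ID_SIGNER_S_E9"/><CiSigner SignerId="{ref}"/></CiSigners>
</SiPolicy>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def check_policy(xml_text):
    """Return a list of problems found in a WDAC policy XML string."""
    root = ET.fromstring(xml_text)
    signers, refs = {}, []  # Signer ID -> (root TBS, publisher); (element, SignerId)
    for el in root.iter():
        name = local(el.tag)
        if name == "Signer":
            kids = {local(c.tag): c.get("Value", "") for c in el}
            signers[el.get("ID")] = (kids.get("CertRoot", "").upper(), kids.get("CertPublisher"))
        elif name in ("AllowedSigner", "CiSigner"):
            refs.append((name, el.get("SignerId")))
    problems = []
    if (OLD_TBS, PUBLISHER) not in signers.values():
        problems.append("no Signer rule for the current certificate")
    new_ids = [i for i, v in signers.items() if v == (NEW_TBS, PUBLISHER)]
    if not new_ids:
        problems.append("no Signer rule for the new certificate")
    for i in new_ids:  # the new rule must be referenced in both sections
        problems += [f"{i} is not listed as {k}" for k in ("AllowedSigner", "CiSigner") if (k, i) not in refs]
    problems += [f"{k} references undefined Signer {r!r}" for k, r in refs if r not in signers]
    return problems

if __name__ == "__main__":
    for ref in ("ID_SIGNER_S_DEVICIE", "ID_SIGNER_S_ DEVICIE"):
        print(repr(ref), check_policy(SAMPLE.format(old=OLD_TBS, new=NEW_TBS, ref=ref)))
```

To check a real policy, pass the contents of your exported policy XML file to check_policy(); an empty list means both rules are present and correctly referenced.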

Other application control tools

Customers using other solutions for allow listing should create a publisher rule based on the certificate file provided below:
 

🔐Devicie Code Signing Cert NOV2025