Bart Kindt

How to attach a DigiCert Token certificate to executable


My pre and post command jobs do other stuff as well as signing, copy files to various directories.

Beware the signtool /a command only works when there is just one certificate available...

Angus
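One way to avoid depending on automatic certificate selection, shown as an added example that is not from any poster in this thread: resolve exactly one code-signing certificate and pass its thumbprint to signtool with /sha1. It assumes signtool.exe is on PATH and that the token's certificate is visible in the CurrentUser\My store; the subject filter, file path and timestamp URL are placeholders to adjust.

```powershell
# Added example (not from the thread): sign with an explicitly pinned certificate.
# Assumptions: signtool.exe is on PATH; the token certificate shows up in
# Cert:\CurrentUser\My; -SubjectLike and -FilePath values are supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $FilePath,
    [Parameter(Mandatory)] [string] $SubjectLike,   # e.g. '*Example Software Ltd*' (placeholder)
    [string] $TimestampUrl = 'http://timestamp.digicert.com'
)

$ErrorActionPreference = 'Stop'
$now = Get-Date

# Collect currently valid code-signing certificates with a usable private key
# whose subject matches the filter.
$candidates = @(
    Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and
            $_.NotAfter  -gt $now -and
            $_.Subject -like $SubjectLike
        }
)

# Refuse to guess: zero or several matches is a build failure, not a default.
if ($candidates.Count -eq 0) {
    throw "No valid code-signing certificate matches '$SubjectLike'. Is the token plugged in?"
}
if ($candidates.Count -gt 1) {
    $candidates | Format-Table Thumbprint, Subject, NotAfter -AutoSize | Out-String | Write-Host
    throw "More than one certificate matches '$SubjectLike'; narrow the filter."
}

$thumbprint = $candidates[0].Thumbprint
Write-Host "Signing $FilePath with certificate $thumbprint"

# /sha1 selects the certificate by thumbprint; /fd and /td set SHA-256 digests;
# /tr requests an RFC 3161 timestamp.
& signtool.exe sign /sha1 $thumbprint /fd sha256 /tr $TimestampUrl /td sha256 /v $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify the Authenticode signature before the post-build job copies the file.
& signtool.exe verify /pa /v $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
```

Recording the thumbprint in the build log also gives a simple audit trail of which certificate signed each release.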

 

4 hours ago, Angus Robertson said:

My pre and post command jobs do other stuff as well as signing, copy files to various directories.

Beware the signtool /a command only works when there is just one certificate available...

Angus

One certificate is already one too many for me...


I can't find a way of saving or pinning threads like this so have replied instead as this is a goldmine of information.

I'm half way through my 3 years on the old way of doing things and that was a nightmare to get the right files in the first place and setup so I was not looking forward to having to change to a token.

I think this thread and @Vincent Parrett's blog post could well help everyone.

regards

Dave.

On 12/1/2023 at 7:25 PM, Vincent Parrett said:

Alternatively - (vendor plug) - use FinalBuilder to generate your release builds - in which case code signing is pretty easy.

We're getting ready to tackle this new problem of code signing with tokens. Do you have any guides for using AWS Cloud HSM with FinalBuilder? Is that available as an action? We're using an older copy of FinalBuilder - hopefully I can buy a new version and get this working.

26 minutes ago, Darian Miller said:

Do you have any guides for using AWS Cloud HSM with FinalBuilder?

No, not specifically - you would just use signtool I guess.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/signtool.html

However that seems to suggest this only works if you are running on an EC2 instance. I guess to use cloud hsm with signtool over the internet you would have to create vpn access (not sure if that is possible).

FWIW, we are working on a product to simplify code signing with hsm's  tokens (well ones that provide support for pkcs#11). AWS does have a pkcs#11 client library but we have not tested with it yet. I expect to make an announcement about the product in a few weeks (currently fleshing out the configuration interface).
