We just renewed our signing certificates, and they are now stored in DigiCert KeyLocker.(https://docs.digicert.com/en/digicert-keylocker.html)
I can download a P12 file, but using it requires both a password and an API token. I don't see a way to do this in InstallAware.
Does anyone know if there's a method of signing using this new method from within InstallAware? Or will I need to create my own post process after building the install?
Support for DigiCert KeyLocker
-
BartWilson
- Posts: 31
- Joined: Mon Mar 01, 2021 9:01 am
Re: Support for DigiCert KeyLocker
I'm definitely interested in how we will support doing Authenticode in InstallAware given the changes set forth in June 2023 for certificates. I did see that with InstallAware X16 that it will support "Extended Verification" but documentation on how that works is not clear.
For your case, I'm wondering if you'll have to create items in the pre-compress and post-compress build events where you have to write your own tool to sign the files. Before InstallAware added the SHA256ONLY I had followed this forum article to do signing of the files/installer through the build events:
viewtopic.php?f=2&t=11486&p=43740&hilit=sha1+signing#p43740
When our certificate expires coming up I'm guessing I'm going to have to move back to doing the signing via external scripts given I don't see an easy way to support the KeyLocker or using something like Digicert's Software Trust Manager. I'd be curious if InstallAware will eventually add support given the June 2023 changes to code signing certs. Won't know until that feature is released however.
For your case, I'm wondering if you'll have to create items in the pre-compress and post-compress build events where you have to write your own tool to sign the files. Before InstallAware added the SHA256ONLY I had followed this forum article to do signing of the files/installer through the build events:
viewtopic.php?f=2&t=11486&p=43740&hilit=sha1+signing#p43740
When our certificate expires coming up I'm guessing I'm going to have to move back to doing the signing via external scripts given I don't see an easy way to support the KeyLocker or using something like Digicert's Software Trust Manager. I'd be curious if InstallAware will eventually add support given the June 2023 changes to code signing certs. Won't know until that feature is released however.
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: Support for DigiCert KeyLocker
in order to use an EV Token you have, as first, you have to export from your EV Token the "Extended Validation Code Signing Certificate" to a local path.
Then in the InstallAware project "Authenticode settings" you have to specify:
• the Key Container as this is reported in the Advanced View of your SafeNet Client (see below image)
• the full path of your exported cert
• your EV Token password
- safenet_export_cert.png (12.76 KiB) Viewed 7406 times
Then in the InstallAware project "Authenticode settings" you have to specify:
• the Key Container as this is reported in the Advanced View of your SafeNet Client (see below image)
• the full path of your exported cert
• your EV Token password
- safenet_adv_view.png (47.91 KiB) Viewed 7406 times
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Who is online
Users browsing this forum: No registered users and 9 guests
