Post a reply to the thread: Cannot use codesigning with in cloud certificate
Click here to log in
What's the name of our main installation product (in uppercase letters), directly followed by the current year?
You may choose an icon for your message from this list
Will turn www.example.com into [URL]http://www.example.com[/URL].
Re: Cannot use codesigning with in cloud certificate OK. Thanks.
Re: Cannot use codesigning with in cloud certificate
Re: Cannot use codesigning with in cloud certificate Originally Posted by linder Hi Geoff, BTW, the upcoming SetupBuilder 2025 supports Cloud based (EV) code-signing certificates and Microsoft Trusted Signing... BTW, HSM is supported too. Friedrich
Re: Cannot use codesigning with in cloud certificate Hi Geoff, as I understand it, ECDSA certificates work with signtool. So I think, we can implement it (if it does not already work). Yubikey is just hardware authentication device, so IMO it should work fine. When you have received the certificate with the hardware, please let me know and we can work on it (or test what we already have implemented in SB 2025). What do you think? Friedrich
Re: Cannot use codesigning with in cloud certificate OK. Thanks. So if I understand correctly, you're not planning on implementing ECDSA signing with a yubikey?
Re: Cannot use codesigning with in cloud certificate Hi Geoff, We can use our EV certificate (valid until August 2027) powered by a HSM in the current SetupBuilder version. When you have received yours, please let me know and we can configure it. BTW, the upcoming SetupBuilder 2025 supports Cloud based (EV) code-signing certificates and Microsoft Trusted Signing... Friedrich
Re: Cannot use codesigning with in cloud certificate We're purchasing a yubikey with our next certificate. Does SB require the HSM model for signing, or is it possible to use a yubikey for certificate authentication? If not, we'll be using the yubikey just to sign the exes and dlls (using ECDSA, which I understand signtool supports) within the install, and then then install itself via HSM. I presume that having signed the exes and dlls with the yubikey won't affect the signing of the install using HSM (RSA). Is that correct?
Re: Cannot use codesigning with in cloud certificate I think a standard (cloud) certificate should work fine, too. Just the identity background check for EV is different. I'll come back to you when I am ready with the new code-signing module. Thank you for your help! Friedrich
Re: Cannot use codesigning with in cloud certificate That's sounds great! I don't have an EV certificate, it's a standard one, but it still has the keys in the cloud. Let me know whenever you're ready.
Re: Cannot use codesigning with in cloud certificate Hello, yes, we have completely rewritten the code-signing stuff in the new version. We are using the thumbprint now. BTW, we are waiting for our new Microsoft Thrusted Signing access. After that, we'll finish development of the code-signing module. We have an EV code-signing and an EV in the cloud certificate now and it's working fine! I'll keep you posted. It would great, if you could test it when available. Friedrich
Cannot use codesigning with in cloud certificate Hello, Is there any way that SB could use the thumbprint of the certificate rather than the PFX and password? Signtool works perfectly using the /SHA1 tag and the certificate thumbprint. Everything else is the same. I always thought that it shells out or calls signtool to codesign itself. Right now I have it working by turning off the Add a Digital Signature, Installer Integrity Check and Verify Code-Signed At Startup. FYI - I have the same problem in anything that auto-codesigns during/after a compile. Is there another work around for this? Thanks
Cannot use codesigning with in cloud certificate
Forum Rules
