On 10/10/2023 8:53 AM, matthias rebbe via use-livecode wrote:
Hello Paul,
unfortunately this is the "new" standard. Since 1st June 2023 private keys has
to be stored on a Token.
https://www.sslpoint.com/new-private-key-storage-requirement-for-standard-code-signing-certificates/
There is no way anymore to export a certificate for example to .pfx.
And much more of a pain, it is not possible anymore to code sign Windows app
under macOS or at least i was not able to so so far.
I have a "cloud" certificate from Certum which i purchased from SSL Point
(https://www.sslpoint.com <https://www.sslpoint.com/>)
With this type of certificate the private key is not stored on a USB token. This "cloud"
certifcate works similar to a usb token. I also have to install some software. This software allow
me to login to the "cloud" and after successful login i can use that certificate
with Microsoft's signtool and JARsigner.
https://www.files.certum.eu/documents/manual_en/Code-Signing-signing-the-code-using-tools-like-Singtool-and-Jarsigner_v2.3.pdf
So to automate your signing, you just have to keep a Windows PC running and make sure
that you are logged in to the "Cloud". As long as the software is logged in you
have access to the certificate.
I don't know if this is also the case with the USB Token. Could not test it,
because i do not have a usb token. ;)
Regards,
Matthias
First, thank you for the very informative reply (with links!)
Second, this "new" standard STINKS!
The cloud cert sound interesting, but we recently renewed out macOS cert
and now we've just renewed our Windows cert, so, short of trying to get
money back from Comodo and switching to the "cloud", I guess I am stuck
with the "new" crappy standard.
I do not see how large software companies that automate build, signing,
and even QA testing can accept this change. But they must of the
suppliers of certs would not go this route for loss of income.
_______________________________________________
use-livecode mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
