Friedrich,

I am sure you are aware of the new code signing rules for certificates sold after June 1, 2023.

How is SB going to function in that environment? It's curious, particularly as it relates to vendors offering HSM signatures that live somewhere in the cloud (AWS and others).

Some online services are popping up now (including the AWS HSM one I mentioned previously), and it appears that all of them will require 2 passes (at best) to sign an installers files (wildcarded) and then to sign the installer.

The more passes, the more you pay.

Mark

Hi Mark,

at the moment, SB only supports software-based (traditional) and EV code-signing certificates. Code-signing is handled by Microsoft SignTool.

Do you have such a certificate available that lives on AWS?

Friedrich

Friedrich,

We set it up, but the ongoing costs were prohibitive given that we didn't know if we'd be able to use it. Result: We turned it off for now.

Until we can do that, I may have to move builds from AWS back to my house, which is really undesirable. Or at least move signing to my house and ship files back and forth. Also undesirable.

Mark

Hi Mark,

all this (new and old <g>) certificate stuff is a nightmare..........

Friedrich

Mark,

I have requested information from several providers on how to use the new "code-signing in the cloud" stuff. Not too much information available right now...

Friedrich

IIRC, there are several SAAS based providers, plus AWS (and I suspect, Azure). I havent looked much beyond that. One of our guys is handling it.

BTW, we found another way to get HSM to work without paying $1000 a month for a HSM instance. Will eventually get this written up on ClarionHub.com

WOW. Could you please keep me posted on how this work (for you)?

Thanks,
Friedrich

It's working fine. Already in production in our cloud.

Very cool! It would be great if we could work on this so we have a built-in solution in SB...

Friedrich