Support for DigiCert KeyLocker

Got a problem you cannot solve? Try here.
dfdz
Posts: 2
Joined: Thu Feb 02, 2023 5:34 pm

Support for DigiCert KeyLocker

Postby dfdz » Mon Jan 15, 2024 4:49 pm

We just renewed our signing certificates, and they are now stored in DigiCert KeyLocker.(https://docs.digicert.com/en/digicert-keylocker.html)

I can download a P12 file, but using it requires both a password and an API token. I don't see a way to do this in InstallAware.

Does anyone know if there's a method of signing using this new method from within InstallAware? Or will I need to create my own post process after building the install?

BartWilson
Posts: 34
Joined: Mon Mar 01, 2021 9:01 am

Re: Support for DigiCert KeyLocker

Postby BartWilson » Fri Jan 26, 2024 11:48 am

I'm definitely interested in how we will support doing Authenticode in InstallAware given the changes set forth in June 2023 for certificates. I did see that with InstallAware X16 that it will support "Extended Verification" but documentation on how that works is not clear.

For your case, I'm wondering if you'll have to create items in the pre-compress and post-compress build events where you have to write your own tool to sign the files. Before InstallAware added the SHA256ONLY I had followed this forum article to do signing of the files/installer through the build events:
viewtopic.php?f=2&t=11486&p=43740&hilit=sha1+signing#p43740

When our certificate expires coming up I'm guessing I'm going to have to move back to doing the signing via external scripts given I don't see an easy way to support the KeyLocker or using something like Digicert's Software Trust Manager. I'd be curious if InstallAware will eventually add support given the June 2023 changes to code signing certs. Won't know until that feature is released however.

FrancescoT
Site Admin
Posts: 5361
Joined: Sun Aug 22, 2010 4:28 am

Re: Support for DigiCert KeyLocker

Postby FrancescoT » Tue Feb 13, 2024 6:00 am

in order to use an EV Token you have, as first, you have to export from your EV Token the "Extended Validation Code Signing Certificate" to a local path.

safenet_export_cert.png
safenet_export_cert.png (12.76 KiB) Viewed 8352 times

Then in the InstallAware project "Authenticode settings" you have to specify:
• the Key Container as this is reported in the Advanced View of your SafeNet Client (see below image)
• the full path of your exported cert
• your EV Token password
safenet_adv_view.png
safenet_adv_view.png (47.91 KiB) Viewed 8352 times
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE


Return to “Technical Support”

Who is online

Users browsing this forum: Google [Bot] and 41 guests