Hardware Security Modules for extended validation certs
Hello,
We currently use appveyor to build our MS Word plugins. We are looking to transition to an extended validation cert from digicert. https://www.digicert.com/code-signing/ev-code-signing/ states that we can use the cert with an HSM. Does appveyor support this?
Thank you,
David Greisen
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Feodor Fitsner on 29 Nov, 2017 01:23 AM
Hi David,
The page there says "...EV code signing certificates can be installed on HSMs".
As far as I understand it's not a requirement, but rather an option (correct me if I'm wrong). Other than that code-signing certificate can be just exported as PFX and then imported during the build and used to sign the artifacts.
2 Posted by Zach on 14 Dec, 2017 07:47 AM
We are also in the same boat. I'm assuming David is asking about HSM, because that seems to be the only solution for code signing with EV on a VM.
Does AppVeyor have a solution for performing EV code signing?
3 Posted by Ilya Finkelshte... on 14 Dec, 2017 09:58 AM
I think you private build cloud is what you need. Specifically own Hyper-V server to instantiate build VMs, or simple own physical build server. With those solutions you can safely use HSM or USB token.
Note however that private build cloud is available for Premium plan, but no need to upgrade for trial. Also note that you can use private build cloud and AppVeyor cloud together, so some builds will run on AppVeyor, some on private build server.
Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:25 AM.