Hardware Security Modules for extended validation certs

dgreisen's Avatar

dgreisen

29 Nov, 2017 12:44 AM

Hello,

We currently use appveyor to build our MS Word plugins. We are looking to transition to an extended validation cert from digicert. https://www.digicert.com/code-signing/ev-code-signing/ states that we can use the cert with an HSM. Does appveyor support this?

Thank you,

David Greisen

  1. Support Staff 1 Posted by Feodor Fitsner on 29 Nov, 2017 01:23 AM

    Feodor Fitsner's Avatar

    Hi David,

    The page there says "...EV code signing certificates can be installed on HSMs".

    As far as I understand it's not a requirement, but rather an option (correct me if I'm wrong). Other than that code-signing certificate can be just exported as PFX and then imported during the build and used to sign the artifacts.

  2. 2 Posted by Zach on 14 Dec, 2017 07:47 AM

    Zach's Avatar

    We are also in the same boat. I'm assuming David is asking about HSM, because that seems to be the only solution for code signing with EV on a VM.

    Does AppVeyor have a solution for performing EV code signing?

  3. 3 Posted by Ilya Finkelshte... on 14 Dec, 2017 09:58 AM

    Ilya Finkelshteyn's Avatar

    I think you private build cloud is what you need. Specifically own Hyper-V server to instantiate build VMs, or simple own physical build server. With those solutions you can safely use HSM or USB token.
    Note however that private build cloud is available for Premium plan, but no need to upgrade for trial. Also note that you can use private build cloud and AppVeyor cloud together, so some builds will run on AppVeyor, some on private build server.

  4. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:25 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac