Replies: 5 comments 25 replies
-
The TeamViewer custom client and the AnyDesk custom client both use DigiCert. I don't know if DigiCert might have options for private keys outside of security modules, maybe you can ask them. If all CAs are enforcing security modules, then it would mean GitHub CI will not work for anyone else requiring code signing, which would be very concerning. |
Beta Was this translation helpful? Give feedback.
-
@rustdesk Maybe this helps: |
Beta Was this translation helpful? Give feedback.
-
We bought a certificate from GlobalSign and stored it in AzureKeyVault, like in this Walkthrough. This way at least no Hardware-Token is required and signing can be automated easily. https://melatonin.dev/blog/how-to-code-sign-windows-installers-with-an-ev-cert-on-github-actions/ |
Beta Was this translation helpful? Give feedback.
-
I had the same issue for my pipeline, ended up writing a REST API in C# to sign the file (using jsign) and return it. I could probably share it, but since it is to be used over the internet I don't have any kind of authentication, my use case was for docker and windows server on the same host. I also have Sectigo's IV certificate. |
Beta Was this translation helpful? Give feedback.
-
Azure Dedicated HSM pricing: $4.85 per hour, https://azure.microsoft.com/en-gb/pricing/details/azure-dedicated-hsm/ Digicert's KeyLocker pricing:
Azure keyvault pricing: https://azure.microsoft.com/en-us/pricing/details/key-vault/ $3.20 hourly fee plus the other fees |
Beta Was this translation helpful? Give feedback.
-
Our OV certificate expired yesterday. We bought a new OV certificate from Sectigo and received a hardware token storing the certificate, but it can not be used in Github CI since the private key can not be exported out of the hardware token.
Beta Was this translation helpful? Give feedback.
All reactions