cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DataAnalyzer
Level 8

How to Set Code Signing Info in One Place

Every release seems to require its Signing tab manually set with the Certificate URL, Digital Certificate File, and Certificate Password.

Is there a way to set this in one place for all configurations and releases or programmatically in an InstallScript procedure so that when this information changes, we don't have to manually update each tab?

Thanks.
Labels (1)
0 Kudos
(6) Replies
Thananjeyan_M
Level 6

We can achieve this functionality using signtool.exe.
We have created a PFX file and passed as argument for this signtool.exe.


Please refer the below link

https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx


Thanks,
Thananjeyan
0 Kudos
DataAnalyzer
Level 8

I think you're missing the point of my original question. I don't need to know how to create a digital signature.

I want to be able to set it in one place for all my releases and not for each release within my ISM file.Is there a way to do so?
0 Kudos
JSClark
Level 6

We set ours using an environment variable. e.g., \Code Signing Cert.pfx
Looking at Media > Releases > Full > Web > Signing tab > Digital Certificate File

In Path Variables one sees: BUILD_ROOT_DIR = c:\dev\trunk
BUILD_ROOT_DIR must be set on each build machine but is independent of the build project.
0 Kudos
DataAnalyzer
Level 8

JS,

Thanks for your reply. I think we're doing the same thing but maybe I'm missing something special you're doing.

For the same ISM file, do you have multiple releases and/or product configurations? If so, don't you still have to specify your settings on each release's Signing tab, or are you describing a way to set/share it across multiple releases?
0 Kudos
JSClark
Level 6

DA,

Yes, each release has its own Signing tab. In our case the Signing tabs are identical for both releases, especially for the Digital Certificate File field. This field is:
\Code Signing Cert.pfx

Here’s what I have:

One ISM file
Two releases:
Media > Releases > Full > Web
Media > Releases > Full > Uncompressed

Web and Uncompressed each have their own Signing tab.
0 Kudos
DataAnalyzer
Level 8

Agreed. I have many more than two releases, and many products each with many releases. That's why I was looking for a way to set this in one place.

It would be quite uncommon to have multiple code signing certificates, so I was hoping for a centralized location to set this. Doesn't sound like that exists.
0 Kudos