How To Integrate USB Token Code Signing Certificate With Build Server (Windows Server 2012 R2 Virtual Machine running on Hyper-V)

Question

We want to sign all of our build artifacts - dlls, exe files, setup packages etc.

This was working fine with post-build scripts for the last two years. But since February 2017 all CAs have introduced some hardware options (USB Token or HSMs.

So the idea is somehow to attach the USB token to our Hyper-V but as far as I know USB port is not available to the Guest OS out of the box.

So, what is your experience with this?

BennyBechDk · Answer 1 · 2017-12-07T13:30:07.590

2

Some of the same problems are adressed in this stackoverflow question: Automate Extended Validation (EV) code signing

Perhaps the problem can be solved using Remote signing (one on the answers to the above post) https://stackoverflow.com/a/35369264/34857

I have just read that some Certificates, can be exported, and the problem can be solved by that. As I read it, this is how node.js does it (https://github.com/nodejs/build/issues/874)

edited Dec 07 '17 at 13:30

answered Dec 07 '17 at 13:22

BennyBechDk

934
7
13

Thanks you. I've had a look at these posts already. The first one is a close match - the only drawback is that the machine must be physical and the console must not be locked. So One of our machines which will be used for signing must always stay unlocked :). – Nikolay Dec 08 '17 at 08:34

How To Integrate USB Token Code Signing Certificate With Build Server (Windows Server 2012 R2 Virtual Machine running on Hyper-V)

1 Answers1