Does AL-Go supports HSM Secured Certificates? #675
Comments
|
Yes, setup connection to an Azure KeyVault and specify keyVaultCodesignCertificateName in settings. |
|
Does anyone have an idea of how to integrate an HSM-secured certificate (DigiCert) with Azure Key Vault? To be honest, we're somewhat desperate and neither DigiCert nor Microsoft can assist us. |
|
After going back and forth with DigiCert, we found out that there was a system error when uploading the CSR file. Once that was corrected, it now works. |
|
Thanks for the update |
|
It now appears that I have successfully linked the certificate. Unfortunately, something is still not working properly with the AzureSignTool. It says that the .app file might be corrupt. What could be the cause of this? Are there any clues or indicators I should look for? info: AzureSignTool.SignCommand[0] |
|
Seems to be related to our Build Agents; everything runs smoothly under the GitHub Runner. |
|
The error message "The file cannot be signed because it is not a recognized file type for signing or it is corrupt." sounds a bit like the NavSip.dll isn't registered successfully on your self-hosted runner. Not sure why that is though. Have you been able to sign .app files on these machines before? |
|
It is the first time ever signing an app with azuresigntool because we switched from a password-protected PFX-File to an HSM KeyVault. I will try to setup a new agent.
Gesendet von Outlook für iOS<https://aka.ms/o0ukef>
…________________________________
Von: Alexander Holstrup ***@***.***>
Gesendet: Wednesday, September 6, 2023 7:39:28 PM
An: microsoft/AL-Go ***@***.***>
Cc: Lehmkuhl, Jan ***@***.***>; Author ***@***.***>
Betreff: Re: [microsoft/AL-Go] Does AL-Go supports HSM Secured Certificates? (Issue #675)
The error message "The file cannot be signed because it is not a recognized file type for signing or it is corrupt." sounds a bit like the NavSip.dll isn't registered successfully on your self-hosted runner. Not sure why that is though. Have you been able to sign .app files on these machines before?
—
Reply to this email directly, view it on GitHub<#675 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AWSLDPJRX6C3TPHXNXSURU3XZCYNBANCNFSM6AAAAAA36B3UUY>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Unfortunately, it still fails with a new build agent. Exactly in the same place. I have installed the GitHub CLI, PowerShell 7 and the DotNET SDK 6.0 in addition to Docker. Something still seems to be wrong with this NAVSIP.dll. What could be missing? |
|
What user is the self-hosted agent running as? |
|
|
|
Could you try to change that to Local System Account? |
|
Unfortunately, this did not help.
|
|
OK - could you try to run the agents as an admin user maybe? (or network_Service) |
|
No problem, let's find out. But the problem is still there, unfortunately. Thanks for the tips |
|
@aholstrup1 - can you find out whether the NAVSip.dll has any dependencies (maybe on some C++ runtime or like, which might not be installed on this runner)? |
|
✅ The Visual C++ Redistributable Packages for Visual Studio 2013 in the 64bit version was the missing link. 🎉 https://www.microsoft.com/de-DE/download/details.aspx?id=40784 Thank you all |
|
Thanks Jan |
Does AL-Go Support HSM Secured Certificates? We are currently in the situation that our certificate has expired and we now have a new certificate secured with HSM.
#564 (comment)
The text was updated successfully, but these errors were encountered: