First off, thank you for osslsigncode — it's the reason I can cover every Authenticode format (MSI, CAB, catalog, APPX, scripts) with almost no work of my own.
Sharing this in case it helps other Certum users landing here. Signing with a Certum "Open Source" cloud cert normally means running SimplySign Desktop (the GUI + p11-kit route). I wrote a small PKCS#11 module, ssign-pkcs11, that talks to Certum's SimplySign cloud directly over HTTPS — no desktop app, no smart card — so osslsigncode can sign with it from any OS, Linux CI included:
osslsigncode sign -pkcs11module ./libssign_pkcs11.so \
-pkcs11cert 'pkcs11:type=cert' -key 'pkcs11:type=private' \
-ac certum-code-signing-2021-ca.pem -h sha256 -t http://time.certum.pl/ \
-in installer.msi -out installer-signed.msi
The module only supplies the cloud key — osslsigncode does all the actual format handling, which is exactly why this took so little effort. I'm not asking for any code changes; just flagging it in case a docs pointer for Certum-cloud users would be useful. Thanks again for the tool.
First off, thank you for osslsigncode — it's the reason I can cover every Authenticode format (MSI, CAB, catalog, APPX, scripts) with almost no work of my own.
Sharing this in case it helps other Certum users landing here. Signing with a Certum "Open Source" cloud cert normally means running SimplySign Desktop (the GUI + p11-kit route). I wrote a small PKCS#11 module, ssign-pkcs11, that talks to Certum's SimplySign cloud directly over HTTPS — no desktop app, no smart card — so osslsigncode can sign with it from any OS, Linux CI included:
The module only supplies the cloud key — osslsigncode does all the actual format handling, which is exactly why this took so little effort. I'm not asking for any code changes; just flagging it in case a docs pointer for Certum-cloud users would be useful. Thanks again for the tool.