Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Your DigiCert Code Signing certificate expires in 90 days #3491

Closed
richardlau opened this issue Sep 19, 2023 · 7 comments · Fixed by nodejs/node#50956
Closed

Your DigiCert Code Signing certificate expires in 90 days #3491

richardlau opened this issue Sep 19, 2023 · 7 comments · Fixed by nodejs/node#50956

Comments

@richardlau
Copy link
Member

The code signing certificate we use for Windows (obtained in 2020) is expiring on 18 December 2023. We've now got a reminder email through to the accounts email alias from DigiCert.

We'd need to go through the OpenJS Foundation for payment (cc @bensternthal). This might be a good opportunity to hand this bit (the certificate ownership/renewal) over to the Linux Foundation as part of the longer term discussions around the Sovereign Tech Fund initiative.

If we continue with DigiCert, we need to be aware of (based on what we're currently doing):

Once we have a new signing certificate we'd need to install it on all of the Windows release machines (cc @StefanStojanovic ).

@rvagg
Copy link
Member

rvagg commented Sep 19, 2023

This is always a painful one, thankfully it renews infrequently; if you need help getting this over the line I can try and dig up memories of how it goes down. Authenticode certificates require more KYC than most of the certs we manage, so there's hoops to jump through. I don't recall if it's easier for a renewal but I suspect not.

@StefanStojanovic
Copy link
Contributor

I'm available to deploy certificates when we get them. When is that expected to happen?

@bensternthal
Copy link

I am currently working to get the OpenJS account approved/verified with digicert. It does involve a phone call and is a pain :) I hope to have it done this week.

Once that is complete I'd like to purchase the new cert with @rvagg or someone similar on a call. Basically, I screen share, and we ensure I do everything correctly.

@mhdawson
Copy link
Member

mhdawson commented Oct 3, 2023

@bensternthal. @richardlau and I discussed today. Let us know once you have the account approved/verified and then the two of us will set up a call with you to go through and do the purchase.

@bensternthal
Copy link

Ok after two phone calls I was finally able to get the foundation validated. We are good to proceed. If you want to reach out via email we can work out a time to go through the purchase.

@mhdawson
Copy link
Member

@bensternthal @richardlau sent email

@richardlau
Copy link
Member Author

Certificate was purchased last week (14 November 2023). @bensternthal gave access to the DigiCert account to @StefanStojanovic.

StefanStojanovic added a commit to JaneaSystems/node that referenced this issue Dec 11, 2023
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: nodejs#50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon pushed a commit to nodejs/node that referenced this issue Dec 15, 2023
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS pushed a commit to nodejs/node that referenced this issue Dec 15, 2023
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon pushed a commit to nodejs/node that referenced this issue Dec 15, 2023
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon pushed a commit to nodejs/node that referenced this issue Dec 19, 2023
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon pushed a commit to nodejs/node that referenced this issue Jan 9, 2024
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
richardlau pushed a commit to nodejs/node that referenced this issue Jan 12, 2024
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: #50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this issue Apr 25, 2024
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: nodejs/node#50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this issue Apr 25, 2024
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: nodejs/node#50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
abhishekumar-tyagi pushed a commit to abhishekumar-tyagi/node that referenced this issue May 5, 2024
As a part of the new signing requrements for Windows change approach to
use the DigiCert cloud HSM service KeyLocker.

PR-URL: nodejs/node#50956
Fixes: nodejs/build#3491
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants