-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Your DigiCert Code Signing certificate expires in 90 days #3491
Comments
This is always a painful one, thankfully it renews infrequently; if you need help getting this over the line I can try and dig up memories of how it goes down. Authenticode certificates require more KYC than most of the certs we manage, so there's hoops to jump through. I don't recall if it's easier for a renewal but I suspect not. |
I'm available to deploy certificates when we get them. When is that expected to happen? |
I am currently working to get the OpenJS account approved/verified with digicert. It does involve a phone call and is a pain :) I hope to have it done this week. Once that is complete I'd like to purchase the new cert with @rvagg or someone similar on a call. Basically, I screen share, and we ensure I do everything correctly. |
@bensternthal. @richardlau and I discussed today. Let us know once you have the account approved/verified and then the two of us will set up a call with you to go through and do the purchase. |
Ok after two phone calls I was finally able to get the foundation validated. We are good to proceed. If you want to reach out via email we can work out a time to go through the purchase. |
@bensternthal @richardlau sent email |
Certificate was purchased last week (14 November 2023). @bensternthal gave access to the DigiCert account to @StefanStojanovic. |
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: nodejs#50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: #50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: nodejs/node#50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: nodejs/node#50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
As a part of the new signing requrements for Windows change approach to use the DigiCert cloud HSM service KeyLocker. PR-URL: nodejs/node#50956 Fixes: nodejs/build#3491 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
The code signing certificate we use for Windows (obtained in 2020) is expiring on 18 December 2023. We've now got a reminder email through to the accounts email alias from DigiCert.
We'd need to go through the OpenJS Foundation for payment (cc @bensternthal). This might be a good opportunity to hand this bit (the certificate ownership/renewal) over to the Linux Foundation as part of the longer term discussions around the Sovereign Tech Fund initiative.
If we continue with DigiCert, we need to be aware of (based on what we're currently doing):
Once we have a new signing certificate we'd need to install it on all of the Windows release machines (cc @StefanStojanovic ).
The text was updated successfully, but these errors were encountered: