maxschaf
Posts: 9
Joined: Thu Aug 05, 2021 8:46 am

Switch Code Signing from token to HSM within certificate chain of trust

Thu Aug 05, 2021 8:48 am

At the moment we sign the .exe and installer package with a Standard Code Sign Certificate for token using a Safenet USB token. We want to move to the cloud and use Azure Key Vault there. Azure Key Vault needs an HSM certificate and we need to buy a new one. Is it possible to switch from token to HSM and will the old deployed Windows Services signed with the token certificate accept new update packages signed with the new HSM certificate?

As far as I understand it, the private key is stored on the USB token and we can't get it, so HSM will use a new private key?

We use GlobalSign certificates.

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Switch Code Signing from token to HSM within certificate chain of trust

Mon Aug 09, 2021 8:30 am

Hi and welcome to our forums,

If you use our Updater tool to check for and install update packages, then you should check your setup project (in the "Updater" page) and see if you have the "Install only digitally signed update packages signed with the same certificate as the Updater" option checked.
If so, then you should request from the new certificate vendor that your new certificate is built and created using the same Subject as your old certificate.

Otherwise, if you do not use the above option, then there will be no limitations caused by a new certificate.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
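
A way to check the point raised in the reply above before shipping an update, as an added example that is not part of the original posts and is not Advanced Installer code: the script reads the Authenticode signer certificate from an old (token-signed) file and a new (HSM-signed) file and reports whether the Subject matches. The script parameters `OldFile` and `NewFile` and the helper `Get-SignerInfo` are names chosen for this example.

```powershell
# Added example: compare the signer certificate Subject of two signed files.
# -OldFile / -NewFile are placeholders for your own token-signed and
# HSM-signed binaries (for example the deployed Updater and a new package).
param(
    [Parameter(Mandatory)] [string] $OldFile,
    [Parameter(Mandatory)] [string] $NewFile
)

function Get-SignerInfo {
    param([string] $Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature on '$Path' is not valid: $($sig.Status) - $($sig.StatusMessage)"
    }
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path         = $Path
        Subject      = $cert.Subject
        # One Subject component (CN=, O=, L=, ...) per array element
        SubjectParts = @($cert.SubjectName.Format($true) -split "\r?\n" | Where-Object { $_ })
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        Timestamped  = [bool] $sig.TimeStamperCertificate
    }
}

$old = Get-SignerInfo -Path $OldFile
$new = Get-SignerInfo -Path $NewFile
$old, $new | Format-List Path, Subject, Issuer, Thumbprint, NotAfter, Timestamped

if ($old.Thumbprint -eq $new.Thumbprint) {
    'Both files are signed with the same certificate.'
}
elseif ($old.Subject -eq $new.Subject) {
    # A certificate issued for a new key pair has a different thumbprint,
    # so only the Subject string can stay identical across the switch.
    'Different certificates, identical Subject.'
}
else {
    'Subject differs. Components present in only one of the two certificates:'
    Compare-Object $old.SubjectParts $new.SubjectParts |
        Format-Table InputObject, @{ Name = 'FoundIn'; Expression = {
            if ($_.SideIndicator -eq '<=') { 'old' } else { 'new' } } }
}
```

If the last branch fires, the listed components are the ones to raise with the certificate vendor when requesting the reissue.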

maxschaf
Posts: 9
Joined: Thu Aug 05, 2021 8:46 am

Re: Switch Code Signing from token to HSM within certificate chain of trust

Mon Aug 09, 2021 9:13 am

Thanks for your answer, we will try that. BR

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Switch Code Signing from token to HSM within certificate chain of trust

Tue Aug 10, 2021 8:47 am

You are always welcome!

Daniel