shelmers
Posts: 63
Joined: Thu Sep 03, 2009 9:02 pm
Location: Andover, Massachusetts USA

avoid entering code signing password multiple times

I renewed our code signing certificate this month and it was delivered as a physical token rather than a .cer or .pfx file. I activated the token so it's now in the local certificate store and it works fine. The only issue is that I'm required to enter the token password half a dozen times when generating the installer.

When the cert is on disk, it's possible to have AI store the password in the installer. Is there a way to do that when using a certificate from the certificate store?

I can export the certificate from the token to a file; is that the best alternative?

Thanks --
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: avoid entering code signing password multiple times

Hello,
"When the cert is on disk, it's possible to have AI store the password in the installer"
Unfortunately not, due to security reasons.

We have recently investigated this using a YubiKey token and were unable to find a good workaround. We'll try to contact their support team to see whether it's possible to avoid having to input the pin this many times.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
shelmers
Posts: 63
Joined: Thu Sep 03, 2009 9:02 pm
Location: Andover, Massachusetts USA

Re: avoid entering code signing password multiple times

Thanks, Catalin. My token is from Sectigo in case you have better luck contacting them for some reason.
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: avoid entering code signing password multiple times

You are always welcome!

And sure, we may try that, but first we wanted to prioritize YubiKey since this was reported more by our customers.

If you'd like, you could contact them since you're a paying customer.

For signing purposes, we use the default SignTool.exe, which comes with the OS. I think they might be able to assist in how to avoid those prompts, perhaps through a special command line or something like that.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
shelmers
Posts: 63
Joined: Thu Sep 03, 2009 9:02 pm
Location: Andover, Massachusetts USA

Re: avoid entering code signing password multiple times

Thanks for the suggestion to contact Sectigo -- they responded immediately with exactly what I needed. It turns out there's a setting for this!
You can "Enable Single Logon", which will not prompt you to enter the password every time, but it is only valid until the screen locks. You can enable this by opening SafeNet Authentication Client Tools > Settings icon > Client Settings > Advanced > "Enable Single Logon" and clicking Save.

Once it is enabled, the SafeNet client asks for the password once per login session. If the computer is locked, then you have to enter the password for the next session.

However, for regular code signing, we highly recommend disabling this feature as this is not a good practice.
Note that they don't recommend using this setting. However, it is available and using it in a properly controlled environment makes sense to me.
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: avoid entering code signing password multiple times

Thank you for your follow-up on this and for sharing your solution with us! :)

I am sure this will be of help for further users facing a similar scenario.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team