How to Configure the Signing Environment?

This description shows the steps needed to configure a signing environment and start a build with signing enabled.

These steps can be followed with either Visual Studio or the Windows SDK; the individual steps vary according to the tool used.

Note: By default, PFX signing is performed using the "sha256" digest algorithm, the sign servers DigiCert and GeoTrust, and 5 retries. To adapt the signing behaviour, manually adapt the build step "SignMsiFiles"; see BuildProduct.yml.
CAUTION: The implementation does not allow signing with PFX certificates that do not use a password!
  1. Set up the Environment with Visual Studio or Windows SDK
    • Configuring a signing Environment with Visual Studio:

      • Copy the file setSignEnvironment.ps1 to the root dir (from .vscode).
        • Optional step: If desired, adapt setSignEnvironment.ps1 to ensure signtool is added to the path. The script checks whether the variables are set and sets them only when they are not.

        • Add a valid PFX certificate file. (For testing purposes, the example certificate in the automation folder can be used for signing. For production environments, the certificate must come from a Certification Authority!)

        • Set the PFX file path. The full path must be used for this!

        • Set PFX Password.

    • Configuring a signing Environment with Windows SDK:

      • Add signtool.exe to the PATH variable.

      • Set the PFXFILE environment variable for the PFX File.

      • Set the PFXPASS environment variable for the password.

  2. Start your build. See How to Start a Build?
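
The Windows SDK steps above, written as a session-scoped setup with a preflight check. This is an added example, not the project's setSignEnvironment.ps1. It assumes the build is started from the same PowerShell session, and the two paths are placeholders to replace with your own.

```powershell
# Added example: set up and verify the signing environment for this session.
# Assumption: both paths below are placeholders, not values from the project.
$sdkBin  = 'C:\Program Files (x86)\Windows Kits\10\bin\<sdk-version>\x64'
$pfxPath = 'C:\path\to\certificate.pfx'

# 1. signtool.exe must resolve via PATH (changed for this process only).
if (-not (Get-Command signtool.exe -ErrorAction SilentlyContinue)) {
    $env:PATH = "$sdkBin;$env:PATH"
}
if (-not (Get-Command signtool.exe -ErrorAction SilentlyContinue)) {
    throw "signtool.exe not found; correct `$sdkBin or install the Windows SDK."
}

# 2. PFXFILE must be a full path to an existing file.
if (-not [System.IO.Path]::IsPathRooted($pfxPath)) {
    throw "PFXFILE must be a full path, got: $pfxPath"
}
if (-not (Test-Path -LiteralPath $pfxPath -PathType Leaf)) {
    throw "PFX file not found: $pfxPath"
}
$env:PFXFILE = $pfxPath

# 3. Prompt for the password so it never lands in a script or shell history.
#    PFX files without a password are not supported by the signing step.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($plain)) {
    throw "Empty password: PFX certificates without a password cannot be used."
}
$env:PFXPASS = $plain

# 4. Open the PFX with the supplied password before starting the build, so a
#    wrong password or unusable certificate fails here rather than mid-build.
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $env:PFXFILE, $env:PFXPASS)
} catch {
    throw "Cannot open $($env:PFXFILE) with the given password: $($_.Exception.Message)"
}
if (-not $cert.HasPrivateKey) { throw "PFX contains no private key; it cannot sign." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

Write-Host "Signing environment ready: $($cert.Subject), valid until $($cert.NotAfter)"
$cert.Reset()   # release the loaded key material
```

Because the variables are set only in the current process, they disappear when the session is closed and are not written to the user or machine environment.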