Skip to Main Content
Spotfire Ideas Portal
Status Already exists
Product Spotfire
Categories API
Created by Guest
Created on Nov 15, 2023

sign spk with code signing certificates only existing in OS's certificate store

Due to regulation change by the CA/Browser Forum, code signing certificates issued by a CA (e.g. Sectigo) is shipped in a HSM (USB drive) and only available as an entity in the OS's certificate store on which the HSM is plugged in. The code signing certificates are no longer provided as a *.pfx file, nor it can be exported from the OS's certificate store.


https://www.sectigo.com/knowledge-base/detail/Changes-to-Sectigo-Code-Signing-Offerings/kA03l000000BoIs


The Package Builder needs a full path to the *.pfx file, in order to sign the spk, now due to above change this is no longer possible.


Please update Package Builder to utilize code signing certificates stored in the OS's certificate store so we can sign the spk.


This is urgent because the code signing certificate we are using has expired and the re-issued one only exists in OS's certificate store.


We need this for both Spotfire 12.0LTS and 14.0LTS.