Updating the code signing certificate for CI (AST-74473)

Checkmarx · Nov 12, 2024 · 8d9ffde · 8d9ffde
1 parent d8e3069
commit 8d9ffde
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/scripts/signing_win.sh b/.github/scripts/signing_win.sh
@@ -21,6 +21,10 @@ REMOTE_PATH="/tmp"
 # HSM credentials
 HSM_CREDS=$SIGNING_HSM_CREDS
 
+# Certificate properties
+CERT_LABEL="CNGRSAPriv-cx-signing-2024"
+CERT_LOCATION="/home/ubuntu/checkmarx_2024.crt"
+
 # Check if OS is windows
 if [ "$OS_TYPE" != "windows" ]; then
   echo "The artifact is not a windows binary file, exiting."
@@ -53,7 +57,7 @@ if [ $? -ne 0 ]; then
 fi
 
 # Sign
-ssh -n -i "$SSH_KEY_PATH" -o StrictHostKeyChecking=no "$REMOTE_USER@$REMOTE_HOST" "osslsigncode sign -certs /home/ubuntu/checkmarx.crt  -key 'pkcs11:object=CNGRSAPriv-cx-signing' -pass $HSM_CREDS -pkcs11module /opt/cloudhsm/lib/libcloudhsm_pkcs11.so -t http://timestamp.digicert.com -in '$REMOTE_PATH/$FILENAME' -out '$REMOTE_PATH/$FILENAME_SIGNED'"
+ssh -n -i "$SSH_KEY_PATH" -o StrictHostKeyChecking=no "$REMOTE_USER@$REMOTE_HOST" "osslsigncode sign -certs $CERT_LOCATION -key 'pkcs11:object=$CERT_LABEL' -pass $HSM_CREDS -pkcs11module /opt/cloudhsm/lib/libcloudhsm_pkcs11.so -t http://timestamp.digicert.com -in '$REMOTE_PATH/$FILENAME' -out '$REMOTE_PATH/$FILENAME_SIGNED'"
 # Check remote command status
 if [ $? -ne 0 ]; then
     echo "Failed to sign file $FILENAME"