1. Monica Petersen
  2. PowerServer
  3. Wednesday, 17 April 2024 02:21 AM UTC

Hi All,

With regards to signing a PowerServer Installable Cloud App, is there a consensus on where to buy the certificate, and what type of certificate to buy?  I'm overwhelmed by the choices, and worried I'll buy one that won't work properly with PowerServer.  It would be great to hear what has worked well for people.

Thanks,

Monica.

mike S
  1. Monday, 22 April 2024 13:29 PM UTC
  2. PowerServer
  3. # 1

You can set up fully automated signing as part of your builds with no entry of any passwords.  This can be done for regular PB as well as PS applications.  It is done via a command file (batch file).

We use USB tokens, but the same can apply to key vaults.  Key vaults tend to have a max # of signings; we sometimes do multiple daily builds and we have about 7 EXEs that get signed, not including the PowerServer stuff.  So for us it made more sense to use the token.  If you are just doing an occasional build and only have a few EXEs, then I would probably do more of a manual signing.

We use the EV token (used to use the standard one).  I think the EV is worth using if you are deploying a PowerServer application - otherwise you get the browser warnings when you download the PS launcher.

We use Comodo.  The process of getting verified can take a while.  Code signing certs are expensive now.

The PS help is pretty good on giving you how to set up a command file.  I wish I had it before going through the process of searching Stack Overflow on how to get it to work.

https://docs.appeon.com/ps2022r3/Security_page.html#Signing

How to set up a hardware token to sign without having to enter a password:

https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken

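As an added illustration of the build-time command file described in the answer above (not code from this thread or from the Appeon documentation): a PowerShell step that signs every build output with `signtool` and fails the build unless each file verifies against the expected certificate and carries a timestamp. It assumes `signtool.exe` from the Windows SDK is on the PATH and that the token or cloud key adapter exposes the certificate through the Windows certificate store; the build directory, thumbprint and timestamp URL are placeholders.

```powershell
# Added example: sign every build output, then fail the build unless each
# file verifies. All values in the param block are placeholders (assumptions).
param(
    [string]$BuildDir     = '.\build\output',                  # hypothetical path
    [string]$Thumbprint   = '<CERT-SHA1-THUMBPRINT>',          # placeholder, no spaces
    [string]$TimestampUrl = '<RFC3161-TIMESTAMP-URL-FROM-CA>'  # placeholder
)
$ErrorActionPreference = 'Stop'

$files = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.exe, *.dll
if (-not $files) { throw "No binaries found under $BuildDir" }

$failed = @()
foreach ($f in $files) {
    # /sha1 selects the certificate by thumbprint from the Windows store;
    # /fd and /td set the file and timestamp digests; /tr requests an
    # RFC 3161 timestamp so the signature stays valid after the cert expires.
    & signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $f.FullName
    if ($LASTEXITCODE -ne 0) {
        $failed += "$($f.Name): signtool exit code $LASTEXITCODE"
        continue
    }

    # Independent check of the result, so a silently skipped or wrongly
    # signed file cannot reach the deployment package.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid') {
        $failed += "$($f.Name): $($sig.Status) - $($sig.StatusMessage)"
    } elseif ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        $failed += "$($f.Name): signed by unexpected certificate $($sig.SignerCertificate.Thumbprint)"
    } elseif (-not $sig.TimeStamperCertificate) {
        $failed += "$($f.Name): signature has no timestamp"
    }
}

if ($failed) {
    $failed | ForEach-Object { Write-Error $_ -ErrorAction Continue }
    exit 1
}
Write-Host "Signed and verified $($files.Count) file(s)."
```

Any PIN or one-time-code prompt is left to the token or cloud adapter configuration; the script stores no credential.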
Monica Petersen
  1. Sunday, 21 April 2024 22:19 PM UTC
  2. PowerServer
  3. # 2

Hi Rob,

I ended up using SSL.com. Someone else had posted they were reasonably priced.  This is from their confirmation email:

Your SSL.com 1 Year Code Signing order ref ****** has been issued.

It now supports cloud signing using eSigner.com and other 3rd party applications that are compliant with the CSC (Cloud Signature Consortium) protocol and SSL.com's eSigner API.

Signing is now as easy as dragging a file onto a web page. No need to handle USB tokens anymore!

I installed Google Validator on my phone, and now every time I build the app it prompts me for a code from the validator, then carries on and creates the deployment package.  I also had to load SSL's eSigner Cloud Key Adapter software on my production server.

I still had trouble with the antivirus on my laptop spitting out the installable cloud app, but I set a few more of the security features (app validation and embedded manifest), and finally the cloud app loaded successfully.  I haven't come across any more problems since.

Hope this helps,

Monica.

Rob Stevens
  1. Sunday, 21 April 2024 20:48 PM UTC
  2. PowerServer
  3. # 3

Hi

We are trying to work through this as well. It looks like the security standards have ramped up and it is a lot more complicated than it used to be. For example, the CSR needing to come from a high level secure hardware device (and not just the machine we are running IIS on).

I've also heard that some only get provided on external devices such as USB sticks which PowerBuilder doesn't appear to recognise during the build process.

I'm hoping someone is able to jump in here and give us some advice.

Regards

Rob

Comment
  1. mike S
  2. Monday, 22 April 2024 13:24 PM UTC
"USB sticks which PowerBuilder doesn't appear to recognise"

This is not the case; well, it sort of is the case. You use an external command file to sign.
  1. Helpful 1