1. Monica Petersen
  2. PowerServer
  3. Wednesday, 17 April 2024 02:21 AM UTC

Hi All,

With regards to signing a PowerServer Installable Cloud App, is there a consensus on where to buy the certificate, and what type of certificate to buy?  I'm overwhelmed by the choices, and worried I'll buy one that won't work properly with PowerServer.  It would be great to hear what has worked well for people.

Thanks,

Monica.

mike S Accepted Answer Pending Moderation
  1. Monday, 22 April 2024 13:29 PM UTC
  2. PowerServer
  3. # 1

You can setup a fully automated signing as part of your builds with no entry of any passwords.  This can be done for regular PB as well as PS applications.  It is done via a command file (batch file).

we use usb tokens, but the same can apply to key vaults.  key vaults tend to have a max # of signings, we sometimes do multiple daily builds and we have about 7 exe's that get signed, not including the powerserver stuff.  So for us it made more sense to use the token.  If you are just doing an occasional build and only have a few exes, then i would probably do more of a manual signing.

 

We use the EV token (used to use the standard one).  I think the EV is worth using if you are deploying a powerserver application - otherwise you get the browser warnings when you download the PS launcher.

 

 We use Comodo.  The process of getting verified can take a while.  code signing certs are expensive now.

 

the PS help is pretty good on giving you how to setup a command file.  i wish i had it before going through the process of searching stack overflow on how to get it to work.

https://docs.appeon.com/ps2022r3/Security_page.html#Signing

 

 How to setup a hardware token to sign without having to enter a password:

 https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken

Comment
There are no comments made yet.
Monica Petersen Accepted Answer Pending Moderation
  1. Sunday, 21 April 2024 22:19 PM UTC
  2. PowerServer
  3. # 2

Hi Rob,

I ended up using SSL.com. Someone else had posted they were reasonably priced.  This is from their confirmation email:

Your SSL.com 1 Year Code Signing order ref ****** has been issued.

It now supports cloud signing using eSigner.com and other 3rd party applications that are compliant with the CSC (Cloud Signature Consortium) protocol and SSL.com's eSigner API.

Signing is now as easy as dragging a file onto a web page. No need to handle USB tokens anymore!

I installed Google Validator on my phone, and now every time I build the app it prompts me for a code from the validator, then carries on and creates the deployment package.  I also had to load SSL's eSigner Cloud Key Adapter software on my production server.

I still had trouble with the antivirus on my laptop spitting out the installable cloud app, but I set a few more of the security features (app validation and embedded manifest), and finally the cloud app loaded successfully.  I haven't come across any more problems since.

Hope this helps,

Monica.

Comment
There are no comments made yet.
Rob Stevens Accepted Answer Pending Moderation
  1. Sunday, 21 April 2024 20:48 PM UTC
  2. PowerServer
  3. # 3

Hi

We are trying to work through this as well. It looks like the security standards have ramped up and is a lot more complicated than it used to be. For example the CSR needing to come from a high level secure hardware device (and not just the machine we are running IIS on).

I've also heard that some only get provided on external devices such as USB sticks which PowerBuilder doesn't appear to recognise during the build process.

I'm hoping someone is able to jump in here and give us some advice.

Regards

Rob

Comment
  1. mike S
  2. Monday, 22 April 2024 13:24 PM UTC
" USB sticks which PowerBuilder doesn't appear to recognise "



this is not the case, well it sort of is the case. You use an external command file to sign.
  1. Helpful 1
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.