What certificate file format do I export to, so I can use the certificate in Azure Pipelines?
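New to Azure Pipelines. I'm working on migrating the build/release of some of our applications to Azure Pipelines. We sign our Windows applications. Currently, this is done with a certificate on our TFS build/release server. I want to export the certificate from our TFS server so that I can put it into the Azure Pipeline's Secure Files location. From MMC on our build/release server, I added the Certificates MMC snap-in. I found the relevant certificate that I want to export. I right-clicked it and selected the task to export the certificate. It asks me what file format I should use. It lists 3:
- DER encoded binary X.509 (.CER)
- Base-64 encoded X.509 (.CER)
- Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)
The last one, if I select it, opens up a couple of other options, but I think what I want is either the first or the second.
Which should I export to, so that I can put it into our Azure Pipeline's Secure Files and use it to sign Windows applications during the Pipeline's run?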
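You can use whichever works best for you. As far as Azure Pipelines is concerned, there is no difference between them; they are just files.
You can also check out the Code Signing extension.
Its parameters include: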
- Secure File: The certificate that was uploaded to Secure Files to be used to sign the given files. (Using Secure Files in Azure DevOps).
- Secure File Password: The password for the provided certificate. Use a new variable with its lock enabled on the Variables tab to encrypt this value.
- File(s) to Sign: Relative path from the repo root to the file(s) you want to sign. You can use wildcards to specify multiple files (more information). For example, **/bin/*.dll for all .DLL files in the 'bin' subfolder.
- Timestamp Server Url: Absolute Url of the timestamp server to use. Default: http://timestamp.digicert.com
- Hashing Algorithm: The file digest algorithm to use for creating file signatures (i.e. SHA256 or SHA1). Default: SHA256
- Select signtool.exe: Option to select signtool to use for signing
  - Built-In: This is the default option. It uses the signtool.exe that comes along with the task
  - Custom Path: With this option you can define a custom path that the task will use to sign your files. IMPORTANT: the custompath has to end with signtool.exe
  - Latest version installed: This option uses the latest installed version on the current system. This only works on machines that have the Windows 10 SDK installed. The base path that is used for getting the signtool is C:\Program Files (x86)\Windows Kits\bin. The task grabs the latest installed version and tries to use the x64 version of the .exe. If it is not available it uses x86. If the x86 signtool is not available the task fails. If this is the case please check if the Windows 10 SDK is installed on your build agent.
- Description: A description to add to the file being signed
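To check which container an exported file actually is before uploading it to Secure Files, the following added example (not part of the original answer or of the extension) classifies a file by its outer ASN.1 framing. It goes beyond the three formats listed in the question by also recognising PKCS #12 (.PFX), the only one of these containers that can hold the private key that signing needs; the function names and sample bytes are constructed for illustration.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData)
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def seq_body(der: bytes) -> bytes:
    """Return the contents of a leading ASN.1 SEQUENCE, or b'' if there is none."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    if der[1] < 0x80:                      # short-form length
        return der[2:2 + der[1]]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0:                             # BER indefinite length
        return der[2:]
    return der[2 + n:2 + n + int.from_bytes(der[2:2 + n], "big")]

def classify(data: bytes):
    """Heuristic: return (format name, whether the container can hold a private key)."""
    encoding = "DER"
    pem = PEM_RE.search(data)
    if pem:                                # Base-64 export: decode to the DER inside
        encoding = "Base-64"
        data = base64.b64decode(pem.group(2))
    body = seq_body(data)
    if body.startswith(OID_SIGNED_DATA):   # ContentInfo { signedData, ... }
        return ("PKCS #7 (.P7B)", False)
    if body.startswith(b"\x02\x01\x03\x30"):  # PFX { version 3, authSafe ... }
        return ("PKCS #12 (.PFX)", True)
    # Certificate { tbsCertificate { [0] version | serialNumber ... } ... }
    if seq_body(body)[:1] in (b"\xa0", b"\x02"):
        return (f"{encoding} X.509 (.CER)", False)
    return ("unknown", False)

# Constructed samples: only the outer ASN.1 framing of each format, not real certificates.
SAMPLE_CER = bytes.fromhex("30073005a003020102")
SAMPLE_P7B = bytes.fromhex("300b06092a864886f70d010702")
SAMPLE_PFX = bytes.fromhex("30050201033000")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_CER", "SAMPLE_PEM", "SAMPLE_P7B", "SAMPLE_PFX"):
        print(name, classify(globals()[name]))
```

To check a real export, pass the file's bytes, for example `classify(open(path, "rb").read())`.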