The persistent identity page describes thoroughly how to set up the bridge files (for those lucky enough to encounter the page in time....), but the signtool part is not using a time stamp, meaning that it will all be in vain the day the old certificate runs out.
Sure, there is a note saying that you probably should - but for the bridging to make any sense you absolutely have to! So it seems very risky to promote the wrong example use of signtool. (especially since you won't notice the problem until it is too late to fix)
So you should really add the /t part to the signtool line!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
ID: fdec14ed-d6ca-9bd6-f0f7-de3b30915aa3
Version Independent ID: 7ff21924-0311-5f70-7087-4a1669ee8afe
The persistent identity page describes thoroughly how to set up the bridge files (for those lucky enough to encounter the page in time....), but the signtool part is not using a time stamp, meaning that it will all be in vain the day the old certificate runs out.
Sure, there is a note saying that you probably should - but for the bridging to make any sense you absolutely have to! So it seems very risky to promote the wrong example use of signtool. (especially since you won't notice the problem until it is too late to fix)
So you should really add the /t part to the signtool line!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.