ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Code signing from multiple build machines against one dongle #183

Closed arctus closed 7 months ago

arctus commented 7 months ago

Hi,

Sorry if my question sounds stupid :) Our organization certificate expires soon, and after 3 years I have found that quite a few changes have been made to the process... (lucky me)

I was wondering how you guys are solving the problem of multiple build machines against one dongle. I really don't want to host the key in a cloud HSM (the procedure after June 1 is really complicated and pricey), and I would love to maintain the same level of flexibility that we had before (where we have Linux/Mac and Windows machines able to sign files from the same pfx).

So, to make a long story short, is there a possibility to host kind of a signing server in-house and use it with jsign or other tools? I would be really happy if you could refer me to any known solutions.

ebourg commented 7 months ago

That's an excellent question, and I am about to face the same issue in the near future :) One solution is to use a PKCS#11 proxy that allows one to use a remote USB token. But it's insecure and it doesn't support concurrent access. If no simple and clean solution emerges by the time my certificate expires, I'll probably write a simple signing server and integrate it into Jsign.