The gist: I've had to disable the timestamping of the signing process, and then see the gotchas below.
Gotchas: The certificate password needs to be at least 6-characters long. The ZXPSignCmd utility doesn't specify that, and if you give it fewer it'll just fail with a cryptic message. Note the other fields filled out in the env.mk related to the certificate, as well, and do something similar. It's not super critical what the specific values are, but it appears to be important that they're filled in.
Once your env.mk is setup similar to what I have here (but with a real password, please...and don't commit the env.mk once you've modified it locally), you'll be able to run the make command to generate a p12 file.
Don't merge this. It's just an example.
The gist: I've had to disable the timestamping of the signing process, and then see the gotchas below.
Gotchas: The certificate password needs to be at least 6-characters long. The
ZXPSignCmdutility doesn't specify that, and if you give it fewer it'll just fail with a cryptic message. Note the other fields filled out in theenv.mkrelated to the certificate, as well, and do something similar. It's not super critical what the specific values are, but it appears to be important that they're filled in.Once your
env.mkis setup similar to what I have here (but with a real password, please...and don't commit theenv.mkonce you've modified it locally), you'll be able to run the make command to generate a p12 file.Once you have your p12 generated on disk, you can run the make sign command to build the extension and sign it using your certificate.