Add a password to the Digicert signing certificate #362

dduportal · 2023-04-06T16:54:50Z

As per

Lines 79 to 81 in 7a03f98

    
           *.pfx) 
        
           	# pfx file download from azure key vault are not password protected, which is required for maven release plugin 
        
           	# so we need to add a new password

, the pfx file does not have a password.

However, this comment was made in 2020. We are 2023, and as per https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal, password for pfxcertificate seems supported.

As an additional layer of security, we should be able to use a password (instead of converting pfx to pem for adding one).

Discovered while working on jenkins-infra/helpdesk#3323

The text was updated successfully, but these errors were encountered:

timja · 2023-04-06T21:24:45Z

You might want to read the docs a bit closer ^.^

Once the certificate file is successfully imported, key vault will remove that password.

dduportal · 2023-04-07T07:40:13Z

🤦 correct, thanks for pointing it out 😅

Gotta close the issue then 👍

dduportal added the feature label Apr 6, 2023

dduportal mentioned this issue Apr 6, 2023

renew the signer certificate for jenkins jenkins-infra/helpdesk#3323

Closed

dduportal closed this as not planned Won't fix, can't repro, duplicate, stale Apr 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a password to the Digicert signing certificate #362

Add a password to the Digicert signing certificate #362

dduportal commented Apr 6, 2023

timja commented Apr 6, 2023

dduportal commented Apr 7, 2023

Add a password to the Digicert signing certificate #362

Add a password to the Digicert signing certificate #362

Comments

dduportal commented Apr 6, 2023

timja commented Apr 6, 2023

dduportal commented Apr 7, 2023