Azure Trusted Signing is the new preferred way to sign Windows apps. There is documentation for using it with Electron here: https://www.electronforge.io/guides/code-signing/code-signing-windows
It works by using a new /dlib option in SignTool.exe. The certificate is not passed in with /f. Instead it is generated by Azure on the fly.
However, when you don't specify a cert, this library will automatically create a dev cert for you: https://github.com/electron-userland/electron-windows-msix/blob/main/src/utils.ts#L232
There is currently no way to disable the dev cert.
When you try to use Azure Trusted Signing, you get an error like this:
SignTool Error: AuthenticodeDigestSignEx implementation is found in the DLL specified by /dlib option.
It is incompatible with /a /ac /c /f /p /i /n /r /s /sm /sha1 /u /uw option.
An easy solution would be to add a config option that explicitly disables the dev cert. Something like createDevCert: false
Azure Trusted Signing is the new preferred way to sign Windows apps. There is documentation for using it with Electron here: https://www.electronforge.io/guides/code-signing/code-signing-windows
It works by using a new
/dliboption in SignTool.exe. The certificate is not passed in with/f. Instead it is generated by Azure on the fly.However, when you don't specify a cert, this library will automatically create a dev cert for you: https://github.com/electron-userland/electron-windows-msix/blob/main/src/utils.ts#L232
There is currently no way to disable the dev cert.
When you try to use Azure Trusted Signing, you get an error like this:
An easy solution would be to add a config option that explicitly disables the dev cert. Something like
createDevCert: false