Digitally signing add-ins with a version of the ArcGIS Pro SDK prior to 3.3

ljlopez

As part of the 3.3 release, the wiki page ProGuide Digitally signed add ins and configurations was updated to indicate the following:

As of June 1, 2023, industry standards changed to require private keys for standard code signing certificates to be stored on Hardware Security Modules (HSMs) or cloud HSMs certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent.

A similar mention is included in the section What's New for Developers at 3.3 of the ArcGIS Pro SDK wiki page.

Does the above apply to versions prior to 3.3 too? Are the instructions to digitally sign an add-in the same for earlier versions of the SDK? Will versions 3.2 or 3.1 of the utility ArcGISSignAddIn.exe be able to handle certificates whose private key is stored in a HSM or a cloud HSM?

I'm currently using ArcGIS Pro SDK 3.1 and reading the certificate from my Windows Certificate Store.

Thanks!

UmaHarano

The changes in Digital Signing is because of the change in the industry standards that require private keys for standard code signing certificates to be stored on Hardware Security Modules (HSMs).

ArcGISSignAddIn.exe can continue to be used to sign certificates stored in the Windows Certificate Store on your machine. (Pro 3.1 and Pro 3.2 will be able to support that).

View solution in original post

UmaHarano

The changes in Digital Signing is because of the change in the industry standards that require private keys for standard code signing certificates to be stored on Hardware Security Modules (HSMs).

ArcGISSignAddIn.exe can continue to be used to sign certificates stored in the Windows Certificate Store on your machine. (Pro 3.1 and Pro 3.2 will be able to support that).

ljlopez

Thanks @UmaHarano! I have another question but I'll create a different post for it.