release: Update the Windows Codesigning certificate #15682

pull theuni wants to merge 1 commits into bitcoin:master from theuni:new-win-cert changing 1 files +94 −93

theuni commented at 4:01 AM on March 28, 2019: member

Thanks to @gwillen for paying and @jonasschnelli for setting up the small company needed for signing!

This updates the Windows codesigning certificate to replace our expired one.

Testing showed that Windows 7 had trouble finding the path to a trusted CA. I am not sure if this will work better with more recent Windows versions, but because the previous cert is expired, this can only be an improvement.

This needs feedback after rc3.
theuni added the label Needs backport on Mar 28, 2019
laanwj added this to the milestone 0.18.0 on Mar 28, 2019
laanwj commented at 4:07 AM on March 28, 2019: member

utACK 43ae1e96ed2c2c71375f91309e789723045fcf0c
release: Update the Windows Codesigning certificate 43ae1e96ed
achow101 commented at 5:21 AM on March 28, 2019: member

utACK 43ae1e96ed2c2c71375f91309e789723045fcf0c

My Windows 10 machine had no issue with finding the path to a trusted CA. AFAICT, this should work with Windows machines that have been doing updates as the trusted root certs are updated periodically.
laanwj merged this on Mar 28, 2019
laanwj closed this on Mar 28, 2019
laanwj referenced this in commit edb8df4fea on Mar 28, 2019
laanwj referenced this in commit dcd96b84cf on Mar 28, 2019
laanwj removed the label Needs backport on Mar 28, 2019

practicalswift commented at 6:16 AM on March 28, 2019: contributor

My post-merge checking follows.

$ shasum -a 1 win-codesign.cert
70bf0a9d33390b83a7b02eb312fb224c706c13f1  win-codesign.cert
$ shasum -a 256 win-codesign.cert
b3c0d3291614fb36fb5a0fd4166db425b3fc0340a2defb43e8a0aaa208f2be4f  win-codesign.cert
$ openssl x509 -in win-codesign.cert -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b5:9c:52:74:8e:c6:ff:45:41:6d:f1:75:a3:03:3b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Code Signing CA
        Validity
            Not Before: Mar 27 00:00:00 2019 GMT
            Not After : Mar 26 23:59:59 2020 GMT
        Subject: C = CH, postalCode = 8005, ST = ZH, L = Z\C3\BCrich, street = Mattengasse 27, O = Bitcoin Core Code Signing Association, CN = Bitcoin Core Code Signing Association
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:38:54:3c:22:63:5c:31:71:6d:c4:59:34:c6:
                    9a:76:dc:88:2c:04:4f:00:bd:e8:31:b8:a9:ca:07:
                    d8:f3:cd:b1:5c:b7:75:fc:06:87:40:b4:d9:08:f6:
                    bc:be:b8:21:fc:08:19:41:52:81:11:2f:ca:36:64:
                    08:d8:44:b8:93:b6:7b:49:ce:d2:b2:8d:34:7e:6f:
                    fc:93:be:3f:bf:d5:60:f6:64:17:96:b7:b9:4c:fd:
                    ba:59:a2:85:42:d7:8a:88:9e:1c:1f:ea:d2:5e:81:
                    9a:22:4b:f9:c6:1a:31:57:e2:74:bf:58:f8:82:70:
                    82:24:ea:8e:7a:51:86:fd:48:93:4f:37:48:fb:2e:
                    e8:67:1f:41:3f:4c:25:f6:3f:fb:1b:1e:d8:43:f4:
                    97:81:9f:74:51:3a:0d:17:16:8e:20:bc:50:7a:5f:
                    a4:66:1c:22:6c:d2:15:96:69:6c:56:ea:a0:0c:a1:
                    b9:e0:a5:db:c4:14:e1:ff:10:01:b4:ba:06:a3:5f:
                    68:02:bd:30:c0:02:58:37:0a:79:3c:f7:0b:92:4a:
                    e8:28:94:c4:e9:c6:23:18:a5:5e:19:63:bb:26:c5:
                    52:34:78:8c:69:79:79:34:69:b8:f5:a4:f7:93:53:
                    4d:84:b7:ea:af:9b:c7:fd:67:61:e9:71:d2:7e:27:
                    9c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0E:E1:3A:A8:53:3A:31:D5:8A:BE:C1:BB:AD:67:1A:03:85:AD:34:0E

            X509v3 Subject Key Identifier:
                5B:37:B1:02:AC:F0:9D:56:F8:79:F1:E9:F0:CB:70:E2:C7:8E:A1:DA
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                Code Signing
            Netscape Cert Type:
                Object Signing
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.2
                  CPS: https://sectigo.com/CPS

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.sectigo.com/SectigoRSACodeSigningCA.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.sectigo.com/SectigoRSACodeSigningCA.crt
                OCSP - URI:http://ocsp.sectigo.com

            X509v3 Subject Alternative Name:
                email:jonas@bitcoincorecodesigning.org
    Signature Algorithm: sha256WithRSAEncryption
         5f:c0:21:77:05:05:60:82:d9:17:9d:48:73:78:0a:f9:28:e6:
         67:52:90:33:60:ce:35:45:73:e3:b0:00:9e:51:74:e8:1b:11:
         17:5e:e0:f9:c7:9b:74:26:ae:7c:7e:b8:c7:ad:56:79:ab:0b:
         c1:6f:d4:8c:1b:92:44:74:6d:d6:d6:06:3e:a5:17:ac:cc:b0:
         29:48:37:a5:89:11:f6:3e:a9:f8:f5:aa:2e:f0:ca:e7:2e:fb:
         73:84:95:84:42:f5:b9:b9:2d:fd:26:10:74:2b:f2:52:75:94:
         6b:c0:8c:f8:7e:fe:19:b1:a1:53:5b:1c:53:19:d4:46:be:06:
         b6:e3:57:08:92:ce:7b:74:83:37:4c:87:40:a2:b2:90:59:28:
         b5:82:23:04:70:8b:e8:45:8d:0a:f0:67:b4:4b:1f:c1:de:08:
         9e:4e:8e:5f:ce:4c:34:2a:87:a0:32:95:0e:e5:f7:0f:4a:1e:
         c5:2d:e0:9a:b2:fc:09:c2:0b:20:23:db:fe:b1:8d:dc:27:ba:
         8d:ed:09:9c:1b:83:ff:42:c9:d8:80:69:c0:ff:f3:7a:1d:a6:
         11:1e:0b:68:81:6b:ed:30:b2:3f:5b:5a:6c:98:29:8e:d2:f6:
         7d:2e:fb:09:b7:c0:17:d9:6d:25:4c:0c:33:e4:fe:56:b5:de:
         a0:94:0c:b9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIRALWcUnSOxv9FQW3xdaMDO6swDQYJKoZIhvcNAQELBQAw
fDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSQwIgYDVQQD
ExtTZWN0aWdvIFJTQSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTkwMzI3MDAwMDAwWhcN
MjAwMzI2MjM1OTU5WjCBtDELMAkGA1UEBhMCQ0gxDTALBgNVBBEMBDgwMDUxCzAJ
BgNVBAgMAlpIMRAwDgYDVQQHDAdaw7xyaWNoMRcwFQYDVQQJDA5NYXR0ZW5nYXNz
ZSAyNzEuMCwGA1UECgwlQml0Y29pbiBDb3JlIENvZGUgU2lnbmluZyBBc3NvY2lh
dGlvbjEuMCwGA1UEAwwlQml0Y29pbiBDb3JlIENvZGUgU2lnbmluZyBBc3NvY2lh
dGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK04VDwiY1wxcW3E
WTTGmnbciCwETwC96DG4qcoH2PPNsVy3dfwGh0C02Qj2vL64IfwIGUFSgREvyjZk
CNhEuJO2e0nO0rKNNH5v/JO+P7/VYPZkF5a3uUz9ulmihULXioieHB/q0l6BmiJL
+cYaMVfidL9Y+IJwgiTqjnpRhv1Ik083SPsu6GcfQT9MJfY/+xse2EP0l4GfdFE6
DRcWjiC8UHpfpGYcImzSFZZpbFbqoAyhueCl28QU4f8QAbS6BqNfaAK9MMACWDcK
eTz3C5JK6CiUxOnGIxilXhljuybFUjR4jGl5eTRpuPWk95NTTYS36q+bx/1nYelx
0n4nnDMCAwEAAaOCAbMwggGvMB8GA1UdIwQYMBaAFA7hOqhTOjHVir7Bu61nGgOF
rTQOMB0GA1UdDgQWBBRbN7ECrPCdVvh58enwy3Dix46h2jAOBgNVHQ8BAf8EBAMC
B4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglghkgBhvhC
AQEEBAMCBBAwQAYDVR0gBDkwNzA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcC
ARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwQwYDVR0fBDwwOjA4oDagNIYyaHR0
cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ29kZVNpZ25pbmdDQS5jcmww
cwYIKwYBBQUHAQEEZzBlMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnNlY3RpZ28u
Y29tL1NlY3RpZ29SU0FDb2RlU2lnbmluZ0NBLmNydDAjBggrBgEFBQcwAYYXaHR0
cDovL29jc3Auc2VjdGlnby5jb20wKwYDVR0RBCQwIoEgam9uYXNAYml0Y29pbmNv
cmVjb2Rlc2lnbmluZy5vcmcwDQYJKoZIhvcNAQELBQADggEBAF/AIXcFBWCC2Red
SHN4Cvko5mdSkDNgzjVFc+OwAJ5RdOgbERde4PnHm3Qmrnx+uMetVnmrC8Fv1Iwb
kkR0bdbWBj6lF6zMsClIN6WJEfY+qfj1qi7wyucu+3OElYRC9bm5Lf0mEHQr8lJ1
lGvAjPh+/hmxoVNbHFMZ1Ea+BrbjVwiSznt0gzdMh0CispBZKLWCIwRwi+hFjQrw
Z7RLH8HeCJ5Ojl/OTDQqh6AylQ7l9w9KHsUt4Jqy/AnCCyAj2/6xjdwnuo3tCZwb
g/9CydiAacD/83odphEeC2iBa+0wsj9bWmyYKY7S9n0u+wm3wBfZbSVMDDPk/la1
3qCUDLk=
-----END CERTIFICATE-----

theuni commented at 6:18 AM on March 28, 2019: member

For posterity:

I confirmed that if I sign using the old key after this commit (producing a key/cert mismatch), the gitian-win-signer fails as would be desired. Meaning that these in-tree certs are indeed tested during the Gitian process.
theuni commented at 6:21 AM on March 28, 2019: member

@practicalswift I believe that openssl is too dense to parse the entire chain. That looks like it's just the first cert.

practicalswift commented at 6:34 AM on March 28, 2019: contributor

@theuni Ouch! Good catch. Thanks a lot for noticing!

New try:

$ shasum -a 1 win-codesign.cert
70bf0a9d33390b83a7b02eb312fb224c706c13f1  win-codesign.cert
$ shasum -a 256 win-codesign.cert
b3c0d3291614fb36fb5a0fd4166db425b3fc0340a2defb43e8a0aaa208f2be4f  win-codesign.cert
$ csplit -f  win-codesign-parts win-codesign.cert '/-----BEGIN CERTIFICATE-----/' '{*}'
$ for N in {1..3}; do
    shasum -a 1 win-codesign-parts0${N}
    shasum -a 256 win-codesign-parts0${N}
    openssl x509 -in win-codesign-parts0${N} -text
    echo
  done
e2c7a1b1e6fea7753587bdad072f327f08a4c417  win-codesign-parts01
46de1ef64cff59e2a71b3762e1707f67f58140b64b537a6f8439d73e937eff35  win-codesign-parts01
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b5:9c:52:74:8e:c6:ff:45:41:6d:f1:75:a3:03:3b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Code Signing CA
        Validity
            Not Before: Mar 27 00:00:00 2019 GMT
            Not After : Mar 26 23:59:59 2020 GMT
        Subject: C = CH, postalCode = 8005, ST = ZH, L = Z\C3\BCrich, street = Mattengasse 27, O = Bitcoin Core Code Signing Association, CN = Bitcoin Core Code Signing Association
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:38:54:3c:22:63:5c:31:71:6d:c4:59:34:c6:
                    9a:76:dc:88:2c:04:4f:00:bd:e8:31:b8:a9:ca:07:
                    d8:f3:cd:b1:5c:b7:75:fc:06:87:40:b4:d9:08:f6:
                    bc:be:b8:21:fc:08:19:41:52:81:11:2f:ca:36:64:
                    08:d8:44:b8:93:b6:7b:49:ce:d2:b2:8d:34:7e:6f:
                    fc:93:be:3f:bf:d5:60:f6:64:17:96:b7:b9:4c:fd:
                    ba:59:a2:85:42:d7:8a:88:9e:1c:1f:ea:d2:5e:81:
                    9a:22:4b:f9:c6:1a:31:57:e2:74:bf:58:f8:82:70:
                    82:24:ea:8e:7a:51:86:fd:48:93:4f:37:48:fb:2e:
                    e8:67:1f:41:3f:4c:25:f6:3f:fb:1b:1e:d8:43:f4:
                    97:81:9f:74:51:3a:0d:17:16:8e:20:bc:50:7a:5f:
                    a4:66:1c:22:6c:d2:15:96:69:6c:56:ea:a0:0c:a1:
                    b9:e0:a5:db:c4:14:e1:ff:10:01:b4:ba:06:a3:5f:
                    68:02:bd:30:c0:02:58:37:0a:79:3c:f7:0b:92:4a:
                    e8:28:94:c4:e9:c6:23:18:a5:5e:19:63:bb:26:c5:
                    52:34:78:8c:69:79:79:34:69:b8:f5:a4:f7:93:53:
                    4d:84:b7:ea:af:9b:c7:fd:67:61:e9:71:d2:7e:27:
                    9c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0E:E1:3A:A8:53:3A:31:D5:8A:BE:C1:BB:AD:67:1A:03:85:AD:34:0E

            X509v3 Subject Key Identifier:
                5B:37:B1:02:AC:F0:9D:56:F8:79:F1:E9:F0:CB:70:E2:C7:8E:A1:DA
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                Code Signing
            Netscape Cert Type:
                Object Signing
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.2
                  CPS: https://sectigo.com/CPS

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.sectigo.com/SectigoRSACodeSigningCA.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.sectigo.com/SectigoRSACodeSigningCA.crt
                OCSP - URI:http://ocsp.sectigo.com

            X509v3 Subject Alternative Name:
                email:jonas@bitcoincorecodesigning.org
    Signature Algorithm: sha256WithRSAEncryption
         5f:c0:21:77:05:05:60:82:d9:17:9d:48:73:78:0a:f9:28:e6:
         67:52:90:33:60:ce:35:45:73:e3:b0:00:9e:51:74:e8:1b:11:
         17:5e:e0:f9:c7:9b:74:26:ae:7c:7e:b8:c7:ad:56:79:ab:0b:
         c1:6f:d4:8c:1b:92:44:74:6d:d6:d6:06:3e:a5:17:ac:cc:b0:
         29:48:37:a5:89:11:f6:3e:a9:f8:f5:aa:2e:f0:ca:e7:2e:fb:
         73:84:95:84:42:f5:b9:b9:2d:fd:26:10:74:2b:f2:52:75:94:
         6b:c0:8c:f8:7e:fe:19:b1:a1:53:5b:1c:53:19:d4:46:be:06:
         b6:e3:57:08:92:ce:7b:74:83:37:4c:87:40:a2:b2:90:59:28:
         b5:82:23:04:70:8b:e8:45:8d:0a:f0:67:b4:4b:1f:c1:de:08:
         9e:4e:8e:5f:ce:4c:34:2a:87:a0:32:95:0e:e5:f7:0f:4a:1e:
         c5:2d:e0:9a:b2:fc:09:c2:0b:20:23:db:fe:b1:8d:dc:27:ba:
         8d:ed:09:9c:1b:83:ff:42:c9:d8:80:69:c0:ff:f3:7a:1d:a6:
         11:1e:0b:68:81:6b:ed:30:b2:3f:5b:5a:6c:98:29:8e:d2:f6:
         7d:2e:fb:09:b7:c0:17:d9:6d:25:4c:0c:33:e4:fe:56:b5:de:
         a0:94:0c:b9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIRALWcUnSOxv9FQW3xdaMDO6swDQYJKoZIhvcNAQELBQAw
fDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSQwIgYDVQQD
ExtTZWN0aWdvIFJTQSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTkwMzI3MDAwMDAwWhcN
MjAwMzI2MjM1OTU5WjCBtDELMAkGA1UEBhMCQ0gxDTALBgNVBBEMBDgwMDUxCzAJ
BgNVBAgMAlpIMRAwDgYDVQQHDAdaw7xyaWNoMRcwFQYDVQQJDA5NYXR0ZW5nYXNz
ZSAyNzEuMCwGA1UECgwlQml0Y29pbiBDb3JlIENvZGUgU2lnbmluZyBBc3NvY2lh
dGlvbjEuMCwGA1UEAwwlQml0Y29pbiBDb3JlIENvZGUgU2lnbmluZyBBc3NvY2lh
dGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK04VDwiY1wxcW3E
WTTGmnbciCwETwC96DG4qcoH2PPNsVy3dfwGh0C02Qj2vL64IfwIGUFSgREvyjZk
CNhEuJO2e0nO0rKNNH5v/JO+P7/VYPZkF5a3uUz9ulmihULXioieHB/q0l6BmiJL
+cYaMVfidL9Y+IJwgiTqjnpRhv1Ik083SPsu6GcfQT9MJfY/+xse2EP0l4GfdFE6
DRcWjiC8UHpfpGYcImzSFZZpbFbqoAyhueCl28QU4f8QAbS6BqNfaAK9MMACWDcK
eTz3C5JK6CiUxOnGIxilXhljuybFUjR4jGl5eTRpuPWk95NTTYS36q+bx/1nYelx
0n4nnDMCAwEAAaOCAbMwggGvMB8GA1UdIwQYMBaAFA7hOqhTOjHVir7Bu61nGgOF
rTQOMB0GA1UdDgQWBBRbN7ECrPCdVvh58enwy3Dix46h2jAOBgNVHQ8BAf8EBAMC
B4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglghkgBhvhC
AQEEBAMCBBAwQAYDVR0gBDkwNzA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcC
ARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwQwYDVR0fBDwwOjA4oDagNIYyaHR0
cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ29kZVNpZ25pbmdDQS5jcmww
cwYIKwYBBQUHAQEEZzBlMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnNlY3RpZ28u
Y29tL1NlY3RpZ29SU0FDb2RlU2lnbmluZ0NBLmNydDAjBggrBgEFBQcwAYYXaHR0
cDovL29jc3Auc2VjdGlnby5jb20wKwYDVR0RBCQwIoEgam9uYXNAYml0Y29pbmNv
cmVjb2Rlc2lnbmluZy5vcmcwDQYJKoZIhvcNAQELBQADggEBAF/AIXcFBWCC2Red
SHN4Cvko5mdSkDNgzjVFc+OwAJ5RdOgbERde4PnHm3Qmrnx+uMetVnmrC8Fv1Iwb
kkR0bdbWBj6lF6zMsClIN6WJEfY+qfj1qi7wyucu+3OElYRC9bm5Lf0mEHQr8lJ1
lGvAjPh+/hmxoVNbHFMZ1Ea+BrbjVwiSznt0gzdMh0CispBZKLWCIwRwi+hFjQrw
Z7RLH8HeCJ5Ojl/OTDQqh6AylQ7l9w9KHsUt4Jqy/AnCCyAj2/6xjdwnuo3tCZwb
g/9CydiAacD/83odphEeC2iBa+0wsj9bWmyYKY7S9n0u+wm3wBfZbSVMDDPk/la1
3qCUDLk=
-----END CERTIFICATE-----

2f2380685be0ea8c1be1e1a8496ff9f220c4f61c  win-codesign-parts02
8a3dbcb92ab1c6277647fe2ab8536b5c982abbfdb1f1df5728e01b906aba953a  win-codesign-parts02
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
        Validity
            Not Before: Feb  1 00:00:00 2010 GMT
            Not After : Jan 18 23:59:59 2038 GMT
        Subject: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:80:12:65:17:36:0e:c3:db:08:b3:d0:ac:57:0d:
                    76:ed:cd:27:d3:4c:ad:50:83:61:e2:aa:20:4d:09:
                    2d:64:09:dc:ce:89:9f:cc:3d:a9:ec:f6:cf:c1:dc:
                    f1:d3:b1:d6:7b:37:28:11:2b:47:da:39:c6:bc:3a:
                    19:b4:5f:a6:bd:7d:9d:a3:63:42:b6:76:f2:a9:3b:
                    2b:91:f8:e2:6f:d0:ec:16:20:90:09:3e:e2:e8:74:
                    c9:18:b4:91:d4:62:64:db:7f:a3:06:f1:88:18:6a:
                    90:22:3c:bc:fe:13:f0:87:14:7b:f6:e4:1f:8e:d4:
                    e4:51:c6:11:67:46:08:51:cb:86:14:54:3f:bc:33:
                    fe:7e:6c:9c:ff:16:9d:18:bd:51:8e:35:a6:a7:66:
                    c8:72:67:db:21:66:b1:d4:9b:78:03:c0:50:3a:e8:
                    cc:f0:dc:bc:9e:4c:fe:af:05:96:35:1f:57:5a:b7:
                    ff:ce:f9:3d:b7:2c:b6:f6:54:dd:c8:e7:12:3a:4d:
                    ae:4c:8a:b7:5c:9a:b4:b7:20:3d:ca:7f:22:34:ae:
                    7e:3b:68:66:01:44:e7:01:4e:46:53:9b:33:60:f7:
                    94:be:53:37:90:73:43:f3:32:c3:53:ef:db:aa:fe:
                    74:4e:69:c7:6b:8c:60:93:de:c4:c7:0c:df:e1:32:
                    ae:cc:93:3b:51:78:95:67:8b:ee:3d:56:fe:0c:d0:
                    69:0f:1b:0f:f3:25:26:6b:33:6d:f7:6e:47:fa:73:
                    43:e5:7e:0e:a5:66:b1:29:7c:32:84:63:55:89:c4:
                    0d:c1:93:54:30:19:13:ac:d3:7d:37:a7:eb:5d:3a:
                    6c:35:5c:db:41:d7:12:da:a9:49:0b:df:d8:80:8a:
                    09:93:62:8e:b5:66:cf:25:88:cd:84:b8:b1:3f:a4:
                    39:0f:d9:02:9e:eb:12:4c:95:7c:f3:6b:05:a9:5e:
                    16:83:cc:b8:67:e2:e8:13:9d:cc:5b:82:d3:4c:b3:
                    ed:5b:ff:de:e5:73:ac:23:3b:2d:00:bf:35:55:74:
                    09:49:d8:49:58:1a:7f:92:36:e6:51:92:0e:f3:26:
                    7d:1c:4d:17:bc:c9:ec:43:26:d0:bf:41:5f:40:a9:
                    44:44:f4:99:e7:57:87:9e:50:1f:57:54:a8:3e:fd:
                    74:63:2f:b1:50:65:09:e6:58:42:2e:43:1a:4c:b4:
                    f0:25:47:59:fa:04:1e:93:d4:26:46:4a:50:81:b2:
                    de:be:78:b7:fc:67:15:e1:c9:57:84:1e:0f:63:d6:
                    e9:62:ba:d6:5f:55:2e:ea:5c:c6:28:08:04:25:39:
                    b8:0e:2b:a9:f2:4c:97:1c:07:3f:0d:52:f5:ed:ef:
                    2f:82:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha384WithRSAEncryption
         5c:d4:7c:0d:cf:f7:01:7d:41:99:65:0c:73:c5:52:9f:cb:f8:
         cf:99:06:7f:1b:da:43:15:9f:9e:02:55:57:96:14:f1:52:3c:
         27:87:94:28:ed:1f:3a:01:37:a2:76:fc:53:50:c0:84:9b:c6:
         6b:4e:ba:8c:21:4f:a2:8e:55:62:91:f3:69:15:d8:bc:88:e3:
         c4:aa:0b:fd:ef:a8:e9:4b:55:2a:06:20:6d:55:78:29:19:ee:
         5f:30:5c:4b:24:11:55:ff:24:9a:6e:5e:2a:2b:ee:0b:4d:9f:
         7f:f7:01:38:94:14:95:43:07:09:fb:60:a9:ee:1c:ab:12:8c:
         a0:9a:5e:a7:98:6a:59:6d:8b:3f:08:fb:c8:d1:45:af:18:15:
         64:90:12:0f:73:28:2e:c5:e2:24:4e:fc:58:ec:f0:f4:45:fe:
         22:b3:eb:2f:8e:d2:d9:45:61:05:c1:97:6f:a8:76:72:8f:8b:
         8c:36:af:bf:0d:05:ce:71:8d:e6:a6:6f:1f:6c:a6:71:62:c5:
         d8:d0:83:72:0c:f1:67:11:89:0c:9c:13:4c:72:34:df:bc:d5:
         71:df:aa:71:dd:e1:b9:6c:8c:3c:12:5d:65:da:bd:57:12:b6:
         43:6b:ff:e5:de:4d:66:11:51:cf:99:ae:ec:17:b6:e8:71:91:
         8c:de:49:fe:dd:35:71:a2:15:27:94:1c:cf:61:e3:26:bb:6f:
         a3:67:25:21:5d:e6:dd:1d:0b:2e:68:1b:3b:82:af:ec:83:67:
         85:d4:98:51:74:b1:b9:99:80:89:ff:7f:78:19:5c:79:4a:60:
         2e:92:40:ae:4c:37:2a:2c:c9:c7:62:c8:0e:5d:f7:36:5b:ca:
         e0:25:25:01:b4:dd:1a:07:9c:77:00:3f:d0:dc:d5:ec:3d:d4:
         fa:bb:3f:cc:85:d6:6f:7f:a9:2d:df:b9:02:f7:f5:97:9a:b5:
         35:da:c3:67:b0:87:4a:a9:28:9e:23:8e:ff:5c:27:6b:e1:b0:
         4f:f3:07:ee:00:2e:d4:59:87:cb:52:41:95:ea:f4:47:d7:ee:
         64:41:55:7c:8d:59:02:95:dd:62:9d:c2:b9:ee:5a:28:74:84:
         a5:9b:b7:90:c7:0c:07:df:f5:89:36:74:32:d6:28:c1:b0:b0:
         0b:e0:9c:4c:c3:1c:d6:fc:e3:69:b5:47:46:81:2f:a2:82:ab:
         d3:63:44:70:c4:8d:ff:2d:33:ba:ad:8f:7b:b5:70:88:ae:3e:
         19:cf:40:28:d8:fc:c8:90:bb:5d:99:22:f5:52:e6:58:c5:1f:
         88:31:43:ee:88:1d:d7:c6:8e:3c:43:6a:1d:a7:18:de:7d:3d:
         16:f1:62:f9:ca:90:a8:fd
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----

9199679f5c2c7b5ce20f3e586cb5753eb338e646  win-codesign-parts03
9c4af733a8162e20bf1dfa7992d321634e9d12ec28a3c0a6652020f0310fdc97  win-codesign-parts03
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
        Validity
            Not Before: Nov  2 00:00:00 2018 GMT
            Not After : Dec 31 23:59:59 2030 GMT
        Subject: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Code Signing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:86:22:8d:32:85:7a:18:9f:49:f0:96:2f:63:08:
                    1e:2d:dc:7c:9f:14:cf:e3:26:b6:25:66:29:40:86:
                    54:46:74:31:62:c5:10:ed:b2:87:27:a6:99:cb:95:
                    30:c0:56:f5:a4:75:c6:a9:0e:50:62:a5:51:91:10:
                    6a:e0:4b:62:ae:fd:f0:f8:18:ac:a7:ff:ee:2e:33:
                    20:fa:0c:19:89:a8:6c:7b:ad:00:c3:61:a1:dc:69:
                    65:6d:1f:6e:27:96:d7:97:51:86:a6:f4:27:e5:7c:
                    6a:8b:95:1e:5b:60:d5:7e:d7:16:92:9c:00:2f:68:
                    f7:97:ed:6a:72:be:38:3b:63:de:8f:bf:6e:4c:41:
                    5d:12:20:08:59:e8:39:cd:8f:d2:d6:cf:06:b4:57:
                    05:b6:4e:a1:3e:57:6b:1f:98:bc:c4:62:d6:1b:0b:
                    8d:c7:66:1b:4a:9f:9d:81:c4:72:40:b5:e2:5f:ef:
                    0b:45:ff:a3:ce:17:a6:2d:55:b0:b7:b0:bc:54:6a:
                    9d:bc:8d:56:53:c6:f0:ba:79:50:49:2c:f7:03:b9:
                    fe:2f:65:35:f2:22:ea:2c:07:af:46:d9:f9:46:1c:
                    dc:8c:7c:71:28:f3:fe:a7:c6:14:dd:55:91:6e:8a:
                    11:0d:df:06:24:95:7d:0f:a7:a1:7c:3a:da:86:35:
                    61:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB

            X509v3 Subject Key Identifier:
                0E:E1:3A:A8:53:3A:31:D5:8A:BE:C1:BB:AD:67:1A:03:85:AD:34:0E
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
            X509v3 Certificate Policies:
                Policy: X509v3 Any Policy

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
                OCSP - URI:http://ocsp.usertrust.com

    Signature Algorithm: sha384WithRSAEncryption
         4d:63:50:ed:47:34:4a:61:a4:db:de:6a:2a:8c:9b:f1:00:00:
         1e:1d:62:7b:3a:d7:32:c2:f6:b3:e0:63:b3:fb:61:00:88:9a:
         1b:6d:10:07:04:4f:be:b8:ea:89:78:22:eb:0f:46:ec:f3:46:
         5e:40:46:89:12:f4:0b:77:5a:9c:2a:41:3a:fc:d6:f4:eb:e7:
         f7:15:95:33:c3:a1:83:28:b7:de:2f:e4:94:f7:85:33:83:2d:
         4a:40:48:bf:9a:c2:4f:4a:b1:8f:24:f4:b3:81:37:d3:b7:64:
         b0:a6:23:6a:59:68:52:42:5f:ff:04:eb:e1:74:65:79:08:f5:
         a9:93:de:6b:71:40:99:96:ba:78:f1:b9:c8:e2:c3:08:16:b1:
         ab:63:5a:c8:15:80:6d:74:5e:4a:75:7e:a5:b8:c3:6c:b5:cf:
         df:4a:79:87:5c:c7:40:4d:63:35:f6:30:d3:cf:b5:0a:0e:0b:
         04:7f:a0:4b:ae:bb:a3:a5:d0:84:00:93:3e:53:5d:34:a5:00:
         35:69:6c:be:9f:20:25:10:0d:19:fb:50:90:61:be:39:8f:7a:
         8e:4d:f6:9f:0e:1e:fe:07:51:12:66:83:26:19:48:95:ce:4a:
         c9:c1:7f:f3:3a:05:9b:f9:6f:df:88:7f:c0:23:9e:d2:1e:43:
         7a:45:31:c1:9c:4d:a9:f0:59:b2:59:19:e8:6a:8d:29:04:02:
         77:7c:4b:4b:cd:70:be:3a:b2:55:5a:78:3e:bc:bb:6f:03:10:
         25:77:15:34:8a:f9:36:cc:43:92:e4:ba:4f:f1:62:93:28:25:
         57:29:fb:51:19:c7:a1:25:40:6a:84:57:c6:b2:9d:b1:bc:1c:
         0a:da:7c:67:7e:7d:2e:e9:28:4c:18:7e:c4:7b:31:41:71:9a:
         4b:29:ec:0b:3d:57:50:d2:ca:dd:fd:9e:05:51:e5:44:78:dd:
         01:de:b1:75:98:0d:54:24:fd:f0:4e:e3:e2:f8:83:bd:72:ba:
         cb:3d:3a:ee:f0:5e:17:92:68:6d:c8:61:f9:a6:f1:2a:0a:0b:
         a5:b9:f4:9e:ee:98:32:05:85:9e:eb:f9:83:29:d3:c6:2c:7d:
         bd:3a:77:2e:8b:37:42:a0:6a:82:ed:3b:4a:aa:94:10:a4:e1:
         0d:f8:17:c5:b6:5a:79:33:18:92:e3:b5:75:f8:a1:e9:8e:0a:
         25:1e:e4:1e:f1:9f:5a:87:23:ff:9f:a4:51:9e:fb:39:80:11:
         cd:db:b5:c4:a7:a8:80:6f:e5:53:d4:e0:e3:a2:c2:d2:5b:1a:
         fa:32:26:2d:6a:57:70:1c:3c:a4:58:2e:a3:f3:5b:4b:07:dc:
         32:59:f3:87:a7:1a:6d:58
-----BEGIN CERTIFICATE-----
MIIF9TCCA92gAwIBAgIQHaJIMG+bJhjQguCWfTPTajANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjB8MQswCQYDVQQGEwJHQjEbMBkGA1UE
CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQK
Ew9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2ln
bmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIYijTKFehif
SfCWL2MIHi3cfJ8Uz+MmtiVmKUCGVEZ0MWLFEO2yhyemmcuVMMBW9aR1xqkOUGKl
UZEQauBLYq798PgYrKf/7i4zIPoMGYmobHutAMNhodxpZW0fbieW15dRhqb0J+V8
aouVHltg1X7XFpKcAC9o95ftanK+ODtj3o+/bkxBXRIgCFnoOc2P0tbPBrRXBbZO
oT5Xax+YvMRi1hsLjcdmG0qfnYHEckC14l/vC0X/o84Xpi1VsLewvFRqnbyNVlPG
8Lp5UEks9wO5/i9lNfIi6iwHr0bZ+UYc3Ix8cSjz/qfGFN1VkW6KEQ3fBiSVfQ+n
oXw62oY1YdMCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvA
nfKyA2bLMB0GA1UdDgQWBBQO4TqoUzox1Yq+wbutZxoDha00DjAOBgNVHQ8BAf8E
BAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAwYI
KwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
AQwFAAOCAgEATWNQ7Uc0SmGk295qKoyb8QAAHh1iezrXMsL2s+Bjs/thAIiaG20Q
BwRPvrjqiXgi6w9G7PNGXkBGiRL0C3danCpBOvzW9Ovn9xWVM8Ohgyi33i/klPeF
M4MtSkBIv5rCT0qxjyT0s4E307dksKYjalloUkJf/wTr4XRleQj1qZPea3FAmZa6
ePG5yOLDCBaxq2NayBWAbXReSnV+pbjDbLXP30p5h1zHQE1jNfYw08+1Cg4LBH+g
S667o6XQhACTPlNdNKUANWlsvp8gJRANGftQkGG+OY96jk32nw4e/gdREmaDJhlI
lc5KycF/8zoFm/lv34h/wCOe0h5DekUxwZxNqfBZslkZ6GqNKQQCd3xLS81wvjqy
VVp4Pry7bwMQJXcVNIr5NsxDkuS6T/FikyglVyn7URnHoSVAaoRXxrKdsbwcCtp8
Z359LukoTBh+xHsxQXGaSynsCz1XUNLK3f2eBVHlRHjdAd6xdZgNVCT98E7j4viD
vXK6yz067vBeF5Jobchh+abxKgoLpbn0nu6YMgWFnuv5gynTxix9vTp3Los3QqBq
gu07SqqUEKThDfgXxbZaeTMYkuO1dfih6Y4KJR7kHvGfWocj/5+kUZ77OYARzdu1
xKeogG/lU9Tg46LC0lsa+jImLWpXcBw8pFguo/NbSwfcMlnzh6cabVg=
-----END CERTIFICATE-----

cryptozeny commented at 7:16 AM on March 28, 2019: none

thanks! btw how much the cost to get the cert? i am just curious about 😅 @gwillen
gwillen commented at 7:52 AM on March 28, 2019: contributor

@cryptozeny It was under $100, could be worse.
MarcoFalke commented at 1:09 PM on March 28, 2019: member

I don't understand why the backport is necessary. It is mostly up to the signature creator to check out the right branch and run the script?

If it was required, it would have to be backported to 0.17 as well?
achow101 commented at 2:21 PM on March 28, 2019: member

@MarcoFalke Backport is needed because the gitian build target for the signed binaries checks that the signature it is attaching matches the cert in the source tree. So we need to backport the cert to the previous release branches so that new releases of those versions can be made using the new cert.
MarcoFalke referenced this in commit 17166faefe on Mar 28, 2019
theuni commented at 5:12 PM on March 28, 2019: member

@MarcoFalke Yes to 0.17 as well. @achow101 To expand on that, it's not only used for verification, the cert chain is actually inserted into the binary during the signing process. The verifier then fails if it was signed with a different cert's key. This ensures that the gitian process can only complete with a signature using the expected in-tree cert.
theuni referenced this in commit 6737e1c0e1 on Sep 13, 2019
Munkybooty referenced this in commit 05a4906499 on Sep 22, 2021
Munkybooty referenced this in commit df8d31fcc2 on Sep 27, 2021
MarcoFalke locked this on Dec 16, 2021

Contributors

Milestone
0.18.0

Linked (view graph)

#15690 Renew Windows code-signing certificate