From ccd1e1048ca4fd10494bfed49e4ea28f86843539 Mon Sep 17 00:00:00 2001 From: edoardo-kolver <88052315+edoardo-kolver@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:42:20 -0700 Subject: [PATCH 1/2] clarified instructions for certificates stored in hardware The documentation says to export the certificate, but this introduces errors when the certificate is stored in a hardware token. You just need to specify the certificate fingerprint, no need to export. See issue https://github.com/dotnet/runtime/issues/100414 --- docs/create-packages/Sign-a-Package.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/create-packages/Sign-a-Package.md b/docs/create-packages/Sign-a-Package.md index fffc365a1..981527989 100644 --- a/docs/create-packages/Sign-a-Package.md +++ b/docs/create-packages/Sign-a-Package.md @@ -28,6 +28,8 @@ You can use self-issued certificates for testing purposes. However, packages sig ## Export the certificate file +* If your certificate is stored in a hardware token, you don't need to export the certificate. Instead, specify the SHA-1 certificate fingerprint (thumbprint) by using the option `--certificate-fingerprint ` (replacing `--certificate-path `) + * You can export an existing certificate to a binary DER format by using the Certificate Export Wizard. ![Certificate Export Wizard](../reference/media/CertificateExportWizard.png) From 9619cecd61a456b5fa599d5b6947933b2ececde6 Mon Sep 17 00:00:00 2001 From: edoardo-kolver <88052315+edoardo-kolver@users.noreply.github.com> Date: Fri, 5 Apr 2024 18:50:22 -0700 Subject: [PATCH 2/2] Update docs/create-packages/Sign-a-Package.md better phrasing Co-authored-by: Theodore Tsirpanis --- docs/create-packages/Sign-a-Package.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/create-packages/Sign-a-Package.md b/docs/create-packages/Sign-a-Package.md index 981527989..02dc78135 100644 --- a/docs/create-packages/Sign-a-Package.md +++ b/docs/create-packages/Sign-a-Package.md @@ -28,7 +28,7 @@ You can use self-issued certificates for testing purposes. However, packages sig ## Export the certificate file -* If your certificate is stored in a hardware token, you don't need to export the certificate. Instead, specify the SHA-1 certificate fingerprint (thumbprint) by using the option `--certificate-fingerprint ` (replacing `--certificate-path `) +* If your certificate is stored in a hardware token, you should not export the certificate. Instead, specify the SHA-1 certificate fingerprint (thumbprint) by using the option `--certificate-fingerprint ` (replacing `--certificate-path `) * You can export an existing certificate to a binary DER format by using the Certificate Export Wizard.