This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new cae655e08a Switch from DigiCert ONE to ssl.com eSigner for code signing
cae655e08a is described below
commit cae655e08a81b359a18a58fe66a4d24d69f7f985
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Oct 23 08:32:36 2024 +0100
Switch from DigiCert ONE to ssl.com eSigner for code signing
---
build.properties.default | 10 ++++++----
build.xml | 8 ++++++--
webapps/docs/changelog.xml | 3 +++
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 152118a787..05be0f61c2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -95,11 +95,13 @@ gpg.exec=/path/to/gpg
# Code signing of Windows installer
# See https://infra.apache.org/digicert-use.html for setup instructions
do.codesigning=false
-codesigning.alias=Tomcat-PMC-cert-2023-11
-codesigning.digest=SHA-512
-codesigning.storetype=DIGICERTONE
+codesigning.alias=d97c5110-c66a-4c0c-ac0c-1cd6af812ee6
+codesigning.digest=SHA256
+codesigning.storetype=ESIGNER
# Set codesigning.storepass in build.properties with the following syntax
-#codesigning.storepass=<api-key>|/path/to/Certificate_pkcs12.p12|<password>
+#codesigning.storepass=<ssl.com user name>|<ssl.com password>
+# Set codesigning.keypass in build.properties with the following syntax
+#codesigning.keypass=<ssl.com TOTP secret>
# ----- Settings to control downloading of files -----
execute.download=true
diff --git a/build.xml b/build.xml
index a58ccb3c61..98106bb816 100644
--- a/build.xml
+++ b/build.xml
@@ -2685,9 +2685,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.dist}/Uninstall.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true"/>
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.dist}/Uninstall.exe.sig" todir="res/install-win"/>
@@ -2720,9 +2722,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.release}/v${version}/bin/${final.name}.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true" />
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 20c920078e..c61af73837 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -220,6 +220,9 @@
<update>
Update Byte Buddy to 1.15.4. (remm)
</update>
+ <update>
+ Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
