This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e7df62dfdf Switch from DigiCert ONE to ssl.com eSigner for code signing
e7df62dfdf is described below
commit e7df62dfdf53f819bad7a1a1921605229527107c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Oct 23 08:32:36 2024 +0100
Switch from DigiCert ONE to ssl.com eSigner for code signing
---
build.properties.default | 10 ++++++----
build.xml | 8 ++++++--
webapps/docs/changelog.xml | 3 +++
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 33ae8d3f11..45ee247ed2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -97,11 +97,13 @@ gpg.exec=/path/to/gpg
# Code signing of Windows installer
# See https://infra.apache.org/digicert-use.html for setup instructions
do.codesigning=false
-codesigning.alias=Tomcat-PMC-cert-2023-11
-codesigning.digest=SHA-512
-codesigning.storetype=DIGICERTONE
+codesigning.alias=d97c5110-c66a-4c0c-ac0c-1cd6af812ee6
+codesigning.digest=SHA256
+codesigning.storetype=ESIGNER
# Set codesigning.storepass in build.properties with the following syntax
-#codesigning.storepass=<api-key>|/path/to/Certificate_pkcs12.p12|<password>
+#codesigning.storepass=<ssl.com user name>|<ssl.com password>
+# Set codesigning.keypass in build.properties with the following syntax
+#codesigning.keypass=<ssl.com TOTP secret>
# ----- Settings to control downloading of files -----
execute.download=true
diff --git a/build.xml b/build.xml
index 8bab45d924..66d493f0ca 100644
--- a/build.xml
+++ b/build.xml
@@ -2682,9 +2682,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.dist}/Uninstall.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true"/>
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.dist}/Uninstall.exe.sig" todir="res/install-win"/>
@@ -2717,9 +2719,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.release}/v${version}/bin/${final.name}.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true" />
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f68aa7679e..3cff7e23e1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -220,6 +220,9 @@
<update>
Update Byte Buddy to 1.15.4. (remm)
</update>
+ <update>
+ Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
